* Jeff Trawick wrote: >> + * Forward port: Escape special characters (especially control >> + characters) in mod_log_config to make a clear distinction between >> + client-supplied strings (with special characters) and server-side >> + strings. This was already introduced in version 1.3.25. >> >> + * Fix mod_rewrite's path handling. It's essentially broken for non-unices >> + for ages. PR 12902. > > alternative opinion: neither of these are showstoppers...
Sure :) > not a > security problem, hmm. Bogus characters _can_ break the logfiles and it was never ported to 2.x. At least it may prevent some people to switch from 1.3 to 2.x. But ok, it may be a question of taste. > not new breakage compared with previous release, > instead something that has been working that way for ages and will not > be an unpleasant surprise to anyone mod_rewrite was finally broken in <http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/mappers/mod_rewrite.c.diff?r1=1.83&r2=1.84&diff_format=h> which is 2.0.27 (log time ago). Before this change it was mostly usable by some workarounds. The change was unfortunately backported to 1.3.25 (<http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_rewrite.c.diff?r1=1.175&r2=1.176&diff_format=h>) which made it also unusable in nearly all cases in 1.3. I'm still considering the mod_rewrite fix to be _very_ important. The very small subset of RewriteRules that do work on non-unices is IMHO not sufficient for a *GA* version. nd -- package Hacker::Perl::Another::Just;print [EMAIL PROTECTED] split/::/ =>__PACKAGE__]}~; # Andr� Malo # http://www.perlig.de #
