* Greg Stein <[EMAIL PROTECTED]> wrote:
<snip>
> That's a rather complicated "if" statement, and you removed the comment.
> I'd ask that you leave a comment in there to provide a human-readable
> version of that condition.
hehe, ok. I've thought that the new version of the statement was
self-explaining enough :-)
>
> > if (conf->logemail && ap_is_initial_req(r)) {
> > ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
> > - "Anonymous: Passwd <%s> Accepted",
> > - sent_pw ? sent_pw : "\'none\'");
> > + "Anonymous: Passwd <%s> Accepted",
> > + sent_pw ? sent_pw : "\'none\'");
> > }
>
> Hmm. This is taking input from the request and dropping it right into the
> log. I don't recall what our policy is around there. Do we need to escape
> it in any way? (e.g. remove newlines)
I don't recall about any policy about error logs. But we should escape it,
sure -- on a more central place (i.e. core).
nd
