* Stas Bekman <[EMAIL PROTECTED]> wrote:
This change:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/log.c?r1=1.127.2.4&r2=1.127.2.5&diff_format=h
now escapes \n and \t chars. Why in the world would you do that? How are we supposed to work with multilined and formatted with \t data?
We aren't. The errorlog is not supposed to store table data. It's *line* oriented. I consider this as a long outstanding security fix not a breakage.
Yes, but we use it to log error messages which aren't under our control. e.g. from user's programs, like cgi scripts. what are we supposed to do? parse and split a multiline message and invoke the logger n times?
What security fault in printing a new line and tab characters? Sorry if I've missed this discussion. Any pointers?
I also fail to see server/http_log.h telling anything about this newly introduced restriction. It was never documented as line oriented, which means that you just changed the public API in the middle of the road, no? May be it's OK for 2.1, but definitely not for 2.0, since the moment users upgrade their httpd from 2.9.48 to 2.0.49 (when that's released), they won't be very happy about this change.
__________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
