Re: cvs commit: httpd-2.0 STATUS

Fri, 16 Jan 2004 09:25:21 -0800 

>        * unescaped error logs seem to be essential for some folks
>          backport -DAP_UNSAFE_ERROR_LOG_UNESCAPED to 2.0 and 1.3
>            server/log.c: r1.139, r1.140
>   -    +1: nd
>   +    +1: nd, stas

should this get another vote, I have patches for 2.0 and 1.3 ready.

--Geoff

Index: server/log.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/log.c,v
retrieving revision 1.127.2.6
diff -u -r1.127.2.6 log.c
--- server/log.c        1 Jan 2004 13:30:43 -0000       1.127.2.6
+++ server/log.c        14 Jan 2004 15:19:00 -0000
@@ -401,7 +401,10 @@
                            const request_rec *r, apr_pool_t *pool,
                            const char *fmt, va_list args)
 {
-    char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN];
+    char errstr[MAX_STRING_LEN];
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+    char scratch[MAX_STRING_LEN];
+#endif
     apr_size_t len, errstrlen;
     apr_file_t *logf = NULL;
     const char *referer;
@@ -538,15 +541,28 @@
     }
 
     errstrlen = len;
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
     if (apr_vsnprintf(scratch, MAX_STRING_LEN - len, fmt, args)) {
         len += ap_escape_errorlog_item(errstr + len, scratch,
                                        MAX_STRING_LEN - len);
     }
+#else
+    len += apr_vsnprintf(errstr + len, MAX_STRING_LEN - len, fmt, args);
+#endif
 
     if (   r && (referer = apr_table_get(r->headers_in, "Referer"))
-        && ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len)) {
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+        && ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len)
+#endif
+        ) {
         len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,
-                            ", referer: %s", scratch);
+                            ", referer: %s",
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+                            scratch
+#else
+                            referer
+#endif
+                            );
     }
 
     /* NULL if we are logging to syslog */

Index: src/main/http_log.c
===================================================================
RCS file: /home/cvspublic/apache-1.3/src/main/http_log.c,v
retrieving revision 1.98
diff -u -r1.98 http_log.c
--- src/main/http_log.c 1 Jan 2004 13:32:54 -0000       1.98
+++ src/main/http_log.c 16 Jan 2004 16:15:14 -0000
@@ -313,11 +313,15 @@
                           const server_rec *s, const request_rec *r,
                           const char *fmt, va_list args)
 {
-    char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN];
+    char errstr[MAX_STRING_LEN];
     size_t len;
     int save_errno = errno;
     FILE *logf;
 
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+    char scratch[MAX_STRING_LEN];
+#endif
+
     if (s == NULL) {
        /*
         * If we are doing stderr logging (startup), don't log messages that are
@@ -445,10 +449,14 @@
     }
 #endif
 
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
     if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) {
         len += ap_escape_errorlog_item(errstr + len, scratch,
                                        sizeof(errstr) - len);
     }
+#else
+    len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args);
+#endif
 
     /* NULL if we are logging to syslog */
     if (logf) {

Reply via email to