Bertrand Mansion wrote: > On Sat, Feb 21, 2009 at 1:23 PM, Bertrand Mansion <bmans...@mamasam.net> > wrote: >> Hello, >> I was wondering why support of libapreq2 was removed from mod_lua? >> >> The way mod_lua currently deals with cookies, querystring and POST >> data is not very robust nor complete. >> Actually it would be nice to have something like libapreq2 available >> in Apache directly :) I wouldn't be interested by the perl bindings or >> the module, but the library itself would be very useful for mod_lua I >> think, unless you have better plans for this functionalities? > > The changes introduced in revision 723652 by pquerna broke the API > (for the worse). It used to be possible to have two form fields with > the same key, the values were returned in a table, now they are > overwritten. Furthermore, the values are not escaped anymore. > > I really don't understand why support for libapreq was removed. Even > the author of these changes calls them a bad and inefficient hack. As > mentioned by someone else, they also open a DoS security hole. > > So again, if the author of these changes could let me know why he made > them and what he had in mind, I would be thankful.
They are made because pulling in all of libapreq as a dependency to httpd didn't make sense. There as been talk of importing large chunks of libapreq into the core httpd, and I think that makes sense, but no one has committed to finishing this work, SO, thats why the horrible hacks I wrote went into mod_lua. -Paul
