On 08.06.2012 10:58, Plüm, Rüdiger, Vodafone Group wrote:
-----Original Message-----
From: Joe Orton
Sent: Freitag, 8. Juni 2012 10:38
To: [email protected]
Subject: Re: post-CVE-2011-4317 (rewrite proxy unintended
interpolation) rewrite PR's
On Thu, Jun 07, 2012 at 01:23:29PM -0400, Eric Covener wrote:
e.g. RewriteOptions +"I know I'm running this regex against something
that's not guaranteed to look like a URL-path, and I'll write a regex
that carefully matches/captures the input"
How about this? I'm not sure how to put the right level of fear into
the name. AllowUnsafeURI? AllowInsecureURIMatch?
+1 for the patch as such. Option name discussion may take some time :-)
+1 as well.
Rainer
