On 03/27/2014 01:38 PM, Nick Kew wrote: > On Thu, 2014-03-27 at 13:21 +0100, Daniel Gruno wrote: > >> You can't log a warning or strip the newline; >> 1) it's a const char* so magical things will happen if you edit it(?) >> 2) we don't have a pool handy to make a new string without the newline >> or log an error. >> >> As I said in the commit msg in trunk, it's an ugly hack, and if someone >> finds a more clever way of solving it, I'm all ears :) Maybe I'm >> forgetting something entirely obvious, who knows. > > If you're going to do security checking, you need to work through it. > The absence of a pool suggests this may be the wrong place for it. > > Perhaps what needs to happen is you set a "bogus-value seen" flag, > then check it at an appropriate point when you can manipulate > values or abort requests, and log errors? Would that require > excessive shoehorning? > I follow your idea completely, but the way mod_lua is written, it's just not possible at the moment to do what you and I really want. I'll look into whether we can rewrite this completely or find another way around it (we need to get a hold of the request_rec in a place where it's just not being passed to us), but for the time being, I wanted to prevent cases where users are not paranoid enough about what they output, and so I implemented _what could be done with the current setup_.
I will definitely look into a prettier fix. With regards, Daniel.
