On Mon, Jan 27, 2003 at 02:45:13PM +0000, Matt Sergeant wrote: > On Mon, 27 Jan 2003, Thomas Eibner wrote: > > > So, because a programmer doesn't check the validity of the input he gets > > it's a bug that should be fixed in Apache? Maybe someone should make > > sure that the same thing can't happen with allowing CGI input going > > straight into a form.. oh wait. > > I don't see anyone from dev@httpd wanting to "fix" this bogus error when > > it's really just doing what the programmer wants to do (when he is not > > validating the input). > > The programmer wants to output a header. If he accidentally tries to > output something thats not a header he actually ends up outputting body. > Thats a bug.
I can see the validity of your point, but it's still a programmer error. The same thing could happen if you did this as plain CGI and outputted something you weren't supposed to do. We have full access to the API and can do whatever we want (both in Perl and C), that doesn't mean we should let our guards down. I still don't consider this a serious problem :) /Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
