On Mon, Jan 27, 2003 at 03:07:01PM +0000, Matt Sergeant wrote:
> Anyway the main reason for doing this is there's no other way. Since
> headers_out is just a plain table object, and there are no "setter" hooks
> for tables, so I couldn't do it in mod_perl space. And I couldn't do it in
> AxKit space, so I had to patch Apache, which has a single exit point for
> all headers. I find it quite disappointing that people don't support
> fixing security issues here :-/

Please, you were the one that posted this snippet of code in the first
place:

$r->headers_out->add('Set-Cookie' => 'mycookie=' .
$r->param('myparam'));

I do support fixing security issues, and in all fairness you should have
brought this to [EMAIL PROTECTED]'s attention.

<quote from security bulletin>
As a reminder, we respectfully request that anyone who finds a potential
vulnerability in our software reports it to [EMAIL PROTECTED]
</quote>

I've given my two cents and so have you. You said you posted a patch to
dev@httpd that fixes it in the right place and I applaud that.

/Thomas

