Next one ...
Since Apache 1.3.25 and starting with 2.0.46 logs are escaped, which needs
to be documented. Attached is a patch of mod_log_config.xml. It's intended
to go also into the 1.3 docs (but with another version number ...)
Some review is desired. Thanks :)
nd
--
If God intended people to be naked, they would be born that way.
-- Oscar Wilde
Index: manual/mod/mod_log_config.xml
===================================================================
RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_log_config.xml,v
retrieving revision 1.16
diff -u -r1.16 mod_log_config.xml
--- manual/mod/mod_log_config.xml 13 Mar 2003 23:16:04 -0000 1.16
+++ manual/mod/mod_log_config.xml 4 Apr 2003 21:03:24 -0000
@@ -185,11 +185,19 @@
"%!200,304,302{Referer}i" logs <code>Referer:</code> on all requests
which did <em>not</em> return some sort of normal status.</p>
- <p>Note that there is no escaping performed on the strings from
- <code>%...r</code>, <code>%...i</code> and <code>%...o</code>. This
- is mainly to comply with the requirements of the Common Log Format.
- This implies that clients can insert control characters into the log,
- so care should be taken when dealing with raw log files.</p>
+ <p>Note that in versions previous to 2.0.46 no escaping has been performed
+ on the strings from <code>%...r</code>, <code>%...i</code> and
+ <code>%...o</code>. This was mainly to comply with the requirements of
+ the Common Log Format. This implied that clients could insert control
+ characters into the log.</p>
+
+ <p>For security reasons starting with 2.0.46 non-printable and
+ other special characters are escaped mostly by using
+ <code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for the
+ the hexadecimal representation of the raw byte. Exceptions from this
+ rule are <code>"</code> and <code>\</code> which are escaped by prepending
+ a backslash, and all whitespace characters that are written in their
+ C-notation (<code>\n</code>, <code>\t</code> etc).</p>
<p>Some commonly used log format strings are:</p>
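Review bot: In the second added paragraph, "mostly by using" and "(\n, \t etc)" leave the escaping rule open-ended, which matters to anyone writing a parser or a log-injection check against these logs. List the exact set of characters that get a C-style escape and state that every other non-printable byte becomes \xhh. The same paragraph has a doubled word across the line break: "stands for the" is followed by "the hexadecimal", so drop one "the". In the first added paragraph, the removed sentence "so care should be taken when dealing with raw log files" has no replacement. Log files written by versions before 2.0.46 still contain the unescaped data, so a short caveat to that effect is worth keeping. "Versions previous to 2.0.46" would also read better as "versions prior to 2.0.46".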