Randal L. Schwartz wrote:
"Randal" == Randal L Schwartz <merlyn@stonehenge.com> writes:

"Alex" == Alex Solovey <[EMAIL PROTECTED]> writes:
Alex> The problem is due to unescaped variable interpolation in regular
Alex> expression $uri =~ /$path_info$/ in sub namespace_from:

Randal> I don't want to raise too many alarms, but this means that every MP1
Randal> server has a denial-of-service attack against it now.

And MP2 as well, from ModPerl::RegistryCooker:

    my $path_info = $self->{REQ}->path_info;
    my $script_name = $path_info && $self->{URI} =~ /$path_info$/
        ? substr($self->{URI}, 0, length($self->{URI}) - length($path_info))
        : $self->{URI};

Wonderful.  Won't take long until this makes the rounds.  Better start
getting the patches out and the press releases.

Ok, help me out here Merlyn.  Will this fix it?

[EMAIL PROTECTED] ~/dev/modperl/mod_perl-2.0 $ svn diff ModPerl-Registry/lib/ModPerl/RegistryCooker.pm
Index: ModPerl-Registry/lib/ModPerl/RegistryCooker.pm
===================================================================
--- ModPerl-Registry/lib/ModPerl/RegistryCooker.pm      (revision 508723)
+++ ModPerl-Registry/lib/ModPerl/RegistryCooker.pm      (working copy)
@@ -337,7 +337,7 @@
     my $self = shift;

     my $path_info = $self->{REQ}->path_info;
-    my $script_name = $path_info && $self->{URI} =~ /$path_info$/
+    my $script_name = $path_info && $self->{URI} =~ /\$path_info$/
? substr($self->{URI}, 0, length($self->{URI}) - length($path_info))
         : $self->{URI};
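Review bot: On the added line, `/\$path_info$/` escapes the dollar sign, so Perl no longer interpolates the variable and the pattern only matches a URI that ends in the literal text `$path_info`. The condition then stops being true for ordinary requests, and `$script_name` falls through to `$self->{URI}` with the path info still attached. To keep the suffix test while treating the value as a literal string, quote the interpolated value instead: `$self->{URI} =~ /\Q$path_info\E$/`. Because the next line already strips the tail with `substr` and `length($path_info)`, a plain string comparison of the URI's last `length($path_info)` characters would avoid the regex altogether.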

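The interpolation problem Alex describes, as an added example that is not part of the thread or of mod_perl's own code: the helper names and sample URIs are constructed for illustration. It compares the quoted suffix test with a `\Q...\E` version and with a plain string comparison, which goes beyond the one expression quoted above.

```perl
use strict;
use warnings;

# Suffix test as quoted in the thread: $pi is compiled as part of the pattern,
# so characters such as '+' or '[' in it are treated as regex syntax.
sub tail_interpolated { my ($uri, $pi) = @_; return $uri =~ /$pi$/ ? 1 : 0 }

# \Q...\E applies quotemeta to the interpolated value, so it matches literally.
sub tail_quoted { my ($uri, $pi) = @_; return $uri =~ /\Q$pi\E$/ ? 1 : 0 }

# No regex at all: compare the last length($pi) characters of the URI.
sub tail_compare {
    my ($uri, $pi) = @_;
    return 0 if length($pi) > length($uri);
    return substr($uri, -length($pi)) eq $pi ? 1 : 0;
}

# Same derivation as the quoted snippet, with the suffix test passed in.
sub script_name {
    my ($tail_matches, $uri, $pi) = @_;
    return $pi && $tail_matches->($uri, $pi)
        ? substr($uri, 0, length($uri) - length($pi))
        : $uri;
}

# Constructed inputs: in every pair, path_info is the literal tail of the URI,
# so the expected script name is always /perl/app.pl.
my @cases = (
    [ '/perl/app.pl/docs/index', '/docs/index' ],   # no metacharacters
    [ '/perl/app.pl/a+b',        '/a+b'        ],   # '+' parsed as a quantifier
    [ '/perl/app.pl/report[1]',  '/report[1]'  ],   # '[1]' parsed as a character class
);
my @tests = (
    [ interpolated => \&tail_interpolated ],
    [ quoted       => \&tail_quoted       ],
    [ compare      => \&tail_compare      ],
);

for my $case (@cases) {
    my ($uri, $pi) = @$case;
    for my $test (@tests) {
        my ($name, $fn) = @$test;
        printf "%-12s %-24s -> %s\n", $name, $uri, script_name($fn, $uri, $pi);
    }
}
```

Only the first pair gives `/perl/app.pl` under the interpolated test; the quoted and comparison tests give it for all three.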


