+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
Dear Jack,
Holy Cross Posting Batman!
I'm just replying to the proper forum ([EMAIL PROTECTED])
I feel that this topic involves more than the just the mod_python
development list. It involves also the developers that use mod_python to
create Python frameworks based on mod_python, and also the
MSIE breaks Digest authentication whenever there is a GET Query string. This
is noted in the httpd manual, but provides no work around. By my reading of
the RFCs we do use the correct implmentation, and most other browsers follow
it. But because MSIE does not follow it, it prevents the
ap_http_filter seems to assume it will receive an empty
brigade from its caller. The problem is around lines
1028 - 1035 in http_protocol.c:
rv = ap_get_brigade(f-next, b, mode, block, readbytes);
if (rv != APR_SUCCESS) {
return rv;
}
/* How many bytes did we just
On Sun, 8 Jun 2003, Paul Querna wrote:
This Patch is setup to use a BrowserMatch directive to allow MSIE
clients to use Digest Authentication.
That's strange... I'd have sworn somebody already submitted just such a
patch. Might do us well to look back in the archives and find out what
ever
* Cliff Woolley wrote:
On Sun, 8 Jun 2003, Paul Querna wrote:
This Patch is setup to use a BrowserMatch directive to allow MSIE
clients to use Digest Authentication.
That's strange... I'd have sworn somebody already submitted just such a
patch. Might do us well to look back in the
On Mon, 9 Jun 2003, [ISO-8859-1] André Malo wrote:
Just my opinion: I don't like it very much, since it decreases security and
violates the RFC very hard. The Client should be fixed, not the server.
...but I won't stand in the way if there are positive votes on it.
Well, part of the reason I
I found at least the following two threads:
http://marc.theaimsgroup.com/?l=apache-httpd-devm=101702475008999w=2
http://marc.theaimsgroup.com/?l=apache-httpd-devm=104014871203110w=2
The first of those threads also refers to PR#7063, submitted 1/13/01:
http://bugs.apache.org/index.cgi/full/7063
On Mon, 9 Jun 2003 04:07:02 +0200, André Malo wrote
Just my opinion: I don't like it very much, since it decreases
security and violates the RFC very hard. The Client should be fixed,
not the server. but I won't stand in the way if there are
positive votes on it.
The security is only
Joe Schaefer wrote:
ap_http_filter seems to assume it will receive an empty
brigade from its caller. The problem is around lines
1028 - 1035 in http_protocol.c:
rv = ap_get_brigade(f-next, b, mode, block, readbytes);
if (rv != APR_SUCCESS) {
return rv;
}
/* How many
Stas Bekman [EMAIL PROTECTED] writes:
Joe Schaefer wrote:
ap_http_filter seems to assume it will receive an empty brigade from its
caller.
[...]
I think that assumptions is valid for all filters and is correct by (an
undocumented) design.
I sure hope it's not by design, because an
On Mon, Jun 09, 2003 at 01:14:01AM -0400, Joe Schaefer wrote:
I sure hope it's not by design, because an unsuspecting content-handler
author who violates the (undocumented) assumption can segfault the
server quite by accident. But if it is by design, *why* isn't there
at least an
Justin Erenkrantz [EMAIL PROTECTED] writes:
[...]
Doc patches welcomed to make it more explicit. -- justin
Index: include/util_filter.h
===
RCS file: /home/cvspublic/httpd-2.0/include/util_filter.h,v
retrieving revision 1.76
diff
13 matches
Mail list logo