Re: [Bug 57785] REDIRECT_URL is not suitable for use in server-generated pages

+1... I think I'd like to do a 2.4.18 release mid-Nov and pick up these pieces as well as some http/2 fixes. > On Oct 23, 2015, at 3:22 PM, Eric Covener wrote: > > My opinion is to make it opt-in before the next 2.4, but I am not > committed to that. > > Before I do doc,

Fwd: [Bug 57785] REDIRECT_URL is not suitable for use in server-generated pages

My opinion is to make it opt-in before the next 2.4, but I am not committed to that. Before I do doc, any other thoughts? http://people.apache.org/~covener/patches/redirecturl-optin.diff This adds a directive to core.c called QualifyRedirectURL that must be set to ON to run the 2.4.17 code.

Re: [Bug 57785] REDIRECT_URL is not suitable for use in server-generated pages

+1 on this as well. That looks like a good fix that won’t break existing functionality. I know a lot of apps are working on updates now to fix these changes, but it’ll still be good to have this pushed back a bit. Thank you! — Jacob Perkins Product Owner cPanel Inc. jacob.perk...@cpanel.net

Re: [Bug 57785] REDIRECT_URL is not suitable for use in server-generated pages

On Fri, Oct 23, 2015 at 9:22 PM, Eric Covener wrote: > My opinion is to make it opt-in before the next 2.4, but I am not > committed to that. > > Before I do doc, any other thoughts? > > http://people.apache.org/~covener/patches/redirecturl-optin.diff Looks sensible, +1

Re: [Bug 57785] REDIRECT_URL is not suitable for use in server-generated pages

On Fri, 23 Oct 2015 15:22:27 -0400 Eric Covener wrote: > My opinion is to make it opt-in before the next 2.4, but I am not > committed to that. Hehe. I was leaning towards introducing separate vars for full URL and fragment. But your patch looks good to me. -- Nick Kew