[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-cvs
Subject: svn commit: r1194999 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
From: fuankg () apache ! org
Date: 2011-10-29 19:44:45
Message-ID: 20111029194446.84B0723888FD () eris ! apache ! org
[Download RAW message or body]
Author: fuankg
Date: Sat Oct 29 19:44:45 2011
New Revision: 1194999
URL: http://svn.apache.org/viewvc?rev=1194999&view=rev
Log:
Applied backport: Invert logic for env var utf-8 fixing.
Now we exclude a list of vars which we know for sure they
dont hold utf-8 chars; all other vars will be fixed. This
has the benefit that now also all vars from 3rd-party
modules will be fixed.
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1194999&r1=1194998&r2=1194999&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Oct 29 19:44:45 2011
@@ -1,6 +1,12 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.22
+ *) mod_win32: Invert logic for env var UTF-8 fixing.
+ Now we exclude a list of vars which we know for sure they dont hold UTF-8
+ chars; all other vars will be fixed. This has the benefit that now also
+ all vars from 3rd-party modules will be fixed. PR 13029 / 34985.
+ [Guenter Knauf]
+
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1194999&r1=1194998&r2=1194999&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat Oct 29 19:44:45 2011
@@ -92,18 +92,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_win32: Invert logic for env var UTF-8 fixing.
- Now we exclude a list of vars which we know for sure they
- dont hold UTF-8 chars; all other vars will be fixed. This
- has the benefit that now also all vars from 3rd-party modules
- will be fixed. This fix is based on PR 13029 / 34985, and
- includes now the SSL_ and GEOIP_ vars; otherwise its impossible
- to run CGIs when mod_ssl and/or mod_geoip are loaded and those
- mods return UTF-8 chars in any var during a request.
- Trunk patch: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_win32.c?r1=1054347&r2=1146932
- 2.2.x patch: http://people.apache.org/~fuankg/diffs/2.2.x-mod_win32.c.diff
- +1: fuankg, gsmith, rjung
-
* mod_log_config: Fix segfault for 'BufferedLogs Off'. PR 50861.
Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1082518
2.2.x patch: Trunk patch works
Modified: httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c?rev=1194999&r1=1194998&r2=1194999&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c (original)
+++ httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c Sat Oct 29 19:44:45 \
2011 @@ -531,13 +531,13 @@ static apr_status_t ap_cgi_build_command
* application (following the OEM or Ansi code page in effect.)
*/
for (i = 0; i < elts_arr->nelts; ++i) {
- if (win_nt && elts[i].key && *elts[i].key
- && (strncmp(elts[i].key, "HTTP_", 5) == 0
- || strncmp(elts[i].key, "SERVER_", 7) == 0
- || strncmp(elts[i].key, "REQUEST_", 8) == 0
- || strcmp(elts[i].key, "QUERY_STRING") == 0
- || strcmp(elts[i].key, "PATH_INFO") == 0
- || strcmp(elts[i].key, "PATH_TRANSLATED") == 0)) {
+ if (win_nt && elts[i].key && *elts[i].key && *elts[i].val
+ && !(strncmp(elts[i].key, "REMOTE_", 7) == 0
+ || strcmp(elts[i].key, "GATEWAY_INTERFACE") == 0
+ || strcmp(elts[i].key, "REQUEST_METHOD") == 0
+ || strcmp(elts[i].key, "SERVER_ADDR") == 0
+ || strcmp(elts[i].key, "SERVER_PORT") == 0
+ || strcmp(elts[i].key, "SERVER_PROTOCOL") == 0)) {
prep_string((const char**) &elts[i].val, r->pool);
}
}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic