Skip to content
Commit 5f32e966 authored by Chris Pepper's avatar Chris Pepper
Browse files

Clarify some wording.

	Note this change (as previously written, it implied that 1.3.5
	had this vulnerability, which is not true). I'm not sure if
	"httpd 2.0" is the preferred name.

-    <p>Note that in versions previous to 2.0.46 no escaping has been performed
+    <p>Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
     on the strings from <code>%...r</code>, <code>%...i</code> and
     <code>%...o</code>. This was mainly to comply with the requirements of
     the Common Log Format. This implied that clients could insert control
     characters into the log, so you had to be quite careful when dealing
     with raw log files.</p>

-    <p>For security reasons starting with 2.0.46 non-printable and
+    <p>For security reasons, starting with 2.0.46, non-printable and
     other special characters are escaped mostly by using
     <code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
     the hexadecimal representation of the raw byte. Exceptions from this
     rule are <code>"</code> and <code>\</code> which are escaped by prepending
-    a backslash, and all whitespace characters that are written in their
-    C-notation (<code>\n</code>, <code>\t</code> etc).</p>
+    a backslash, and all whitespace characters which are written in their
+    C-style notation (<code>\n</code>, <code>\t</code> etc).</p>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99302 13f79535-47bb-0310-9956-ffa450edef68
parent 9dae2a7e
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment