re-insert a backport vote (e21671f5) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

STATUS

+20 −0

Original line number	Diff line number	Diff line
		@@ -373,6 +373,26 @@ PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
		trawick will eventually put together a patch for httpd 2.0.next
		+1 concept: trawick, nd, stoddard, wrowe

		* don't propagate input headers describing a body to a GET subrequest
		with no body
		http://svn.apache.org/viewcvs?view=rev&rev=158798
		http://svn.apache.org/viewcvs?view=rev&rev=159410
		http://svn.apache.org/viewcvs?view=rev&rev=160573
		+1: gregames
		-1: jerenkrantz (read_length isn't a sufficient check to see if a body
		is present in the request; presence of T-E and C-L in
		the headers is the correct flag.)
		gregames: done in rev 160573
		±0: wrowe (this has a negative impact on modules who wish to 'inspect'
		the headers, e.g. an xml transformation affected by the query
		string or request POST args. The right solution is adopt apreq,
		providing an API for filters to participate in POST bodies.)
		gregames: this does not affect POSTs. the affected function helps
		create a GET subrequest with no body and is unprepared to deal with
		subrequest bodies. any modules or applications wishing to
		inspect headers will in fact work better because the headers will
		reflect reality.


		CURRENT VOTES: