Skip to content
  1. Nov 01, 2003
  3. Oct 30, 2003
  5. Oct 29, 2003
  7. Oct 26, 2003
  9. Oct 24, 2003
  11. Oct 23, 2003
  13. Oct 22, 2003
  15. Oct 15, 2003
  17. Oct 14, 2003
  19. Oct 11, 2003
  21. Oct 10, 2003
  23. Oct 02, 2003
  25. Sep 30, 2003
  27. Sep 29, 2003
  29. Sep 27, 2003
  31. Sep 25, 2003
  33. Sep 23, 2003
    • Cliff Woolley's avatar
      The problem that this patch solves is one where cookie names are mis-identified · 86429387
      Cliff Woolley authored 
      by mod_usertrack. This is because of the use of strstr() in spot_cookie() the
original mod_usertrack.c to find the name of the cookie. strstr(), by virtue of
looking for a substring instead of an exact match, can mis-identify the cookie
"MyID" as the cookie "ID" or "My". So, if you were looking for the value of the
cookie "ID", but only the cookie "MyID" was returned by the browser,
mod_usertrack.c would return the value of the "MyID" cookie in place of the
"ID" you were looking for.

Even more seriously, because strstr is invoked before the cookie name is
separated from its cookie value, a cookie and value like
"myCookie=thisisnotIDeal" will be a false positive if you told mod_usertrack
the cookie name was ID. Furthermore, using this example, "eal" will get logged
as the value of the cookie; now that strstr has incorrectly identified the
substring "ID" as the cookie name, the following "e" (assumed to be the "="
sign) gets discarded, and the remaining content used as the value of
the cookie.

Replacing the strstr() with a more robust regex match fixes this problem.

PR:    16661
Submitted by:   Manni Wood <manniwood@planet-save.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101306 13f79535-47bb-0310-9956-ffa450edef68
      86429387
  35. Sep 19, 2003
  37. Sep 17, 2003
  39. Sep 16, 2003
  41. Sep 15, 2003
  43. Sep 12, 2003
    • Paul J. Reder's avatar
      · 1cc25263
      Paul J. Reder authored 
       This fixes the cache code so that responses can be cached if they have
 an Expires header but no Etag or Last-Modified headers. PR 23130.
 Submitted by: <bjorn@exoweb.net>
 Reviewed by: Paul J. Reder


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101231 13f79535-47bb-0310-9956-ffa450edef68
      1cc25263
  45. Sep 11, 2003
    • Paul J. Reder's avatar
      · 21c59ded
      Paul J. Reder authored 
      Fix a couple of AIX xlc_r compiler issues in the cache code I previously
committed. [Paul J. Reder]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101221 13f79535-47bb-0310-9956-ffa450edef68
      21c59ded
    • Paul J. Reder's avatar
      · 5e0fe314
      Paul J. Reder authored 
        Modified the cache code to be header-location agnostic. Also
  fixed a number of other cache code bugs related to PR 15852.
  Includes a patch submitted by Sushma Rai <rsushma@novell.com>.
  This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
  closing the PR since that is what they are using. [Paul J. Reder]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101218 13f79535-47bb-0310-9956-ffa450edef68
      5e0fe314
  47. Sep 05, 2003
  49. Sep 03, 2003
  51. Aug 31, 2003