Skip to content
  1. Apr 09, 2003
    • Chris Pepper's avatar
      Clarify some wording. · 5f32e966
      Chris Pepper authored
      	Note this change (as previously written, it implied that 1.3.5
      	had this vulnerability, which is not true). I'm not sure if
      	"httpd 2.0" is the preferred name.
      
      -    <p>Note that in versions previous to 2.0.46 no escaping has been performed
      +    <p>Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
           on the strings from <code>%...r</code>, <code>%...i</code> and
           <code>%...o</code>. This was mainly to comply with the requirements of
           the Common Log Format. This implied that clients could insert control
           characters into the log, so you had to be quite careful when dealing
           with raw log files.</p>
      
      -    <p>For security reasons starting with 2.0.46 non-printable and
      +    <p>For security reasons, starting with 2.0.46, non-printable and
           other special characters are escaped mostly by using
           <code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
           the hexadecimal representation of the raw byte. Exceptions from this
           rule are <code>"</code> and <code>\</code> which are escaped by prepending
      -    a backslash, and all whitespace characters that are written in their
      -    C-notation (<code>\n</code>, <code>\t</code> etc).</p>
      +    a backslash, and all whitespace characters which are written in their
      +    C-style notation (<code>\n</code>, <code>\t</code> etc).</p>
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99302 13f79535-47bb-0310-9956-ffa450edef68
      5f32e966
  2. Apr 07, 2003
  3. Apr 06, 2003
  4. Apr 05, 2003
  5. Apr 04, 2003