* modules/generators/mod_status.c (status_handler): Specify charset in
content-type to prevent browsers doing charset "detection", which
allows an XSS attack.  Use logitem-escaping on the request string to
make it charset-neutral.

Reported by: Stefan Esser <sesser hardened-php.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@549159 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@549138 13f79535-47bb-0310-9956-ffa450edef68

for signal handling appropriate for httpd debugging.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@549136 13f79535-47bb-0310-9956-ffa450edef68

not affected by this change.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@549131 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@548014 13f79535-47bb-0310-9956-ffa450edef68

Apache child process PIDs and uses that to check validity
of what's in the scoreboard.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@547987 13f79535-47bb-0310-9956-ffa450edef68

Rather than handling lingering closes inline, fall down to a following if block, which handles them correctly.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546715 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546708 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546707 13f79535-47bb-0310-9956-ffa450edef68

Add the 'Define' command to the core.  This does exactly the same thing as adding a -D FOO to your command line.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546651 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546650 13f79535-47bb-0310-9956-ffa450edef68

 - Empty lines should not have spaces
 - Declare static functions in http_core.c at the top.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546632 13f79535-47bb-0310-9956-ffa450edef68

Add a clogging_input_filters variable to the conn_rec, enabling the Event MPM to know when its running with an input filter that buffers its own data, like mod_ssl.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546328 13f79535-47bb-0310-9956-ffa450edef68

Fix a bug in the use of i2d_SSL_SESSION, since it increments the pointer of the buffer passed, we need to use ucaData rather than ucp to put it into memcache.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546326 13f79535-47bb-0310-9956-ffa450edef68

is going to hurt anyone.

PR: 42615


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546221 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546128 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@546024 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545845 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545841 13f79535-47bb-0310-9956-ffa450edef68

Submitted by Tony Stevenson.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545834 13f79535-47bb-0310-9956-ffa450edef68

For the DBM SSL Session Cache, propogate down pools to use for allocations.  In most cases, we can use the conn_rec::pool, but for ssl_callback_DelSessionCacheEntry, we still use the long lived configuration pool, but this change at least makes it easier to fix in the future.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545610 13f79535-47bb-0310-9956-ffa450edef68

Propogate the conn_rec::pool down to ssl_scache_retrieve so that the memcache layer doesn't 'leak' into a long lived pool for temp allocations.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545608 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545538 13f79535-47bb-0310-9956-ffa450edef68

Noticed By: Ryan Phillips


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545392 13f79535-47bb-0310-9956-ffa450edef68

Use the absolute timeout, as provided by mod_ssl, rather than trying to calculate a relative timeout. (which did it wrong anyways).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545385 13f79535-47bb-0310-9956-ffa450edef68

Add support for distributed caching of SSL Sessions inside memcached, using apr_memcache, which is present in APR-Util 1.3/trunk.

This was originally written at ApacheCon US 2005 (San Diego), and was sent to the list:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200512.mbox/%3C439C6C07.9030904@force-elite.com%3E

This version is slightly cleaned up, and of course, uses the now bundled apr_memcache, rather than an external dependency.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@545379 13f79535-47bb-0310-9956-ffa450edef68

  configuration in the scoreboard and not with the ones loaded from the
  configuration files.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@544930 13f79535-47bb-0310-9956-ffa450edef68

mod_mem_cache: Copy headers into longer lived storage; header names and
values could previously point to cleaned up storage

PR: 41551
Submitted by: Davi Arnaut <davi haxent.com.br>
Reviewed by: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@543515 13f79535-47bb-0310-9956-ffa450edef68

  accordingly if ret is HTTP_NOT_MODIFIED as this breaks mod_cache validating a
  stale entity.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@541990 13f79535-47bb-0310-9956-ffa450edef68

  for our later call to ap_meets_conditions a few lines above. Having it put
  in the merge table will fail as merge and r->err_headers_out get merged
  AFTER our call to ap_meets_conditions. Besides of this having multiple
  ETag headers (or a merged version of them) does not seem to make sense.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@541974 13f79535-47bb-0310-9956-ffa450edef68

We've just had another duplicate report of this on bugzilla.
We've got a simple patch, and people asking WTF is going on
with inaction.  Noone seems clear on why the patch shouldn't
be applied (http://marc.info/?l=apache-httpd-dev&m=117760311129386&w=2).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@541926 13f79535-47bb-0310-9956-ffa450edef68

frequently-asked (IRC) question that came up yet again today.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@541685 13f79535-47bb-0310-9956-ffa450edef68

Submitted by Vincent Bray noodlet at gmail dot com, 
edited and reviewed by sctemme


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@541138 13f79535-47bb-0310-9956-ffa450edef68

don't actually have a driver-specific value to pass to apr_dbd_error(),
but that's OK because most/all drivers just ignore this value anyway


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@539687 13f79535-47bb-0310-9956-ffa450edef68

response or are invalid.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@539621 13f79535-47bb-0310-9956-ffa450edef68

* modules/cache/mod_cache.c
  (cache_save_filter): Properly handle HEAD responses when we have a stale handle.

(This patch was revised by Justin/Ruediger.)

Submitted by: Niklas Edmundsson
Reviewed by: Justin, Ruediger


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@539620 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@539433 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@539431 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@539282 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@539119 13f79535-47bb-0310-9956-ffa450edef68