- Dec 11, 2007
-
-
Jeff Trawick authored
This has no security impact since the browser cannot be tricked into sending arbitrary method strings. (words from jorton) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603346 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
* modules/mappers/mod_imagemap.c (menu_header): Fix cross-site-scripting issue by escaping the URI, and ensure that a charset parameter is sent in the content-type to prevent autodetection by broken browsers. Reported by: JPCERT git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603282 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
installer. This will permit the installation tool to remove all running instances before attempting to remove the .exe. Note that since the introduction of CriticalSections, our compatibility with NT 4 was destroyed, and at this point that is no loss (there are no more security updates to NT 4 ergo it's not an OS we want connected to the internet, anyways). The WTS api calls require 2000 or later, but I'm not wrapping them since nobody notices the same issue with CriticalSections. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603238 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
member of the proxy_conn_rec struct as we destroy this data more frequently than other data in the proxy_conn_rec struct like hostname and addr (at least in the case where we have keepalive connections that timed out and were closed by the backend). This fixes a memory leak with short lived and broken connections. PR: 44026 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603237 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
time) but empty it (via APR_BRIGADE_PREPEND) and reuse it. Submitted by: Stefan Fritsch <sf sfritsch.de> Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603227 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 10, 2007
-
-
Mladen Turk authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602806 13f79535-47bb-0310-9956-ffa450edef68
-
Mladen Turk authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602795 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 09, 2007
-
-
Ruediger Pluem authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602740 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602736 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
PR: 23567 Submitted by: Stefan Fritsch <sf sfritsch.de> Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602735 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602710 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602709 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602682 13f79535-47bb-0310-9956-ffa450edef68
-
Justin Erenkrantz authored
* modules/http/http_filters.c (ap_http_filter): Put case on its own line. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602657 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 08, 2007
-
-
Ruediger Pluem authored
Basicly the persistence is created by keeping the conn_rec structure created for our backend connection (whether http or https) in the connection pool. This required to adjust scoreboard.c in a way that its functions can properly deal with a NULL scoreboard handle by ignoring the call or returning an error code. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602542 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
by jim. No functional change. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602533 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602509 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
termination is completely unneeded and superflous. In which case, the original allocation size is sufficient since nothing external worries about a NULL nor looks for it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602491 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
* Precreate all needed brigades, save them in the filter context and reuse them in order to avoid frequent recreations using the request pool. * Use a temporary pool for all the needed copy stuff and clean it up every time we passed the passbb brigade down the chain. We can pass the brigade down the chain directly after we processed one bucket from the original brigade as buffering is done by the network filters. * Use transient instead of pool buckets. * There are cases that lead to the exceptional situation of a very large passbb bucket brigade (about 1,000,000 buckets) as a result of processing 4 MB of a file. So I add a flush bucket once I have more than MAX_BUCKET (1000) buckets in the brigade and pass it down the chain to get it send and the passbb bucket brigade cleaned up and its memory reusable again. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602469 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602456 13f79535-47bb-0310-9956-ffa450edef68
-
Ruediger Pluem authored
BODY_CHUNK_PART state like we do several lines later in the code in the same situation. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602349 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 06, 2007
-
-
Vincent Bray authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601635 13f79535-47bb-0310-9956-ffa450edef68
-
Vincent Bray authored
Submitted by Lucien Gentis <lucien.gentis lorraine.iufm.fr> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601634 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 05, 2007
-
-
Vincent Bray authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601377 13f79535-47bb-0310-9956-ffa450edef68
-
Vincent Bray authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601365 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 04, 2007
-
-
Joe Orton authored
SSL_renegotiate makes no sense here; remove copied comment. No functional change. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@601003 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 03, 2007
-
-
William A. Rowe Jr authored
with a hanging '*') git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600651 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Determined to be not generally exploitable, but a flaw in any case. PR: 44014 Submitted by: Victor Stinner <victor.stinner inl.fr> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600645 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
functional change. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600497 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
validity period from the OCSP response and check it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600493 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
log message since the passed-in cert may be e.g. the peer's issuer. * modules/ssl/ssl_private.h (ssl_log_cxerror): Don't mention the word peer here either. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600486 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
response-header count is exceeded. Also bump to APLOG_ERR the log message given after a header read error. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600482 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
TLS upgrade, require only the presence of a "TLS/1.0" token somewhere in the Upgrade request-header, rather than as the exact header value. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600479 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
ssl_io_filter_init): Don't clear f->r here after adding connection filters since ap_add_*_filter now guarantee to do it internally. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600477 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
request_rec pointer when adding connection filters; minor MMN bump: * server/util_filter.c (add_any_filter_handle): Set f->r for connection filters even if passed-in r is non-NULL. Style nit fix also. * include/util_filter.h (ap_add_output_filter, ap_add_output_filter_handle): Document new API guarantee. * include/ap_mmn.h: Minor MMN bump. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600473 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 02, 2007
-
-
Vincent Bray authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600246 13f79535-47bb-0310-9956-ffa450edef68
-
Vincent Bray authored
Reported by: Takashi Sato <serai lans-tv.com> Confirmed by: Vincent Jong <megaspaz tron.megaspaz.net> & noodl git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600245 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 01, 2007
-
-
Ruediger Pluem authored
This will not change the logic if no "-l" gets used, and it will spare one call to apr_time_now() in case "-l" gets used and more important it gives the code better atomicity, because in fact between the two calls there is a slight change of jumping oder the DST boundary - for historic reasons the same code block is used two times with a slightly different way of transforming apr_time_t to int (once division by APR_USEC_PER_SEC, once call to apr_time_sec()), so let's unify it. - finally move the block into a function, because it gets used already two times. PR: 44004 Submitted by: Rainer Jung <rainer.jung kippdata.de> Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600154 13f79535-47bb-0310-9956-ffa450edef68
-
Vincent Bray authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600038 13f79535-47bb-0310-9956-ffa450edef68
-
Vincent Bray authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600037 13f79535-47bb-0310-9956-ffa450edef68
-