- Mar 21, 2002
-
-
William A. Rowe Jr authored
Introduce proper escaping of command.com and cmd.exe for Win32. These patches close vulnerability CAN-2002-0061, identified and reported by Ory Segal <ory.segal@sanctuminc> 13 Feb 2002, by which any invocation of .bat or .cmd files permit system comprimize when cmd.exe parsed the args passed from QUERY_STRING. [William Rowe] Patches of the set reviewed by Allan Edwards and Bill Stoddard, while the security solutions were reviewed at length by the entire security community at the ASF. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94092 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Retain the Unix sh escapes list for compatibility. [William Rowe] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94090 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Share ap_double_quotes() code between OS2 and Win32 to use for Win32's command.com, and introduce ap_caret_escape_args() for Win32's cmd.exe. [William Rowe] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94089 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
directive handles this. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94086 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
the original site Server header with it's own, which is not allowed by RFC2616. Fixed. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94085 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
the URL instead of the value of the ServerName directive. This stops Apache redirecting to a different website name to the one the user typed in, which can break cookies and javascript handling on the client. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94084 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
are broken in that they contain dates which in turn contain commas - so merging and then unmerging them breaks Set-Cookie headers. Sigh. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94082 13f79535-47bb-0310-9956-ffa450edef68
-
Cliff Woolley authored
notice premature EOF's while looking for the "expr=" tag. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94079 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Clear up a signed/unsigned comparison and assignment. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94078 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Introduce earlier identification of command.com v.s. cmd.exe for Win32 .bat/.cmd scripts, and assure we treat command.com as a 16-bit application. [William Rowe] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94077 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Clarify some difficult to read code by modifying comments to express the current behavior, and deprecate some long unused win32 code. [William Rowe] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94076 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Pass the command line to the cmd.exe /c interpreter double quoted. This fixes a bug that CGI args ending in a double-quote would cause invocation to fail. Just fixed the converse problem in Apache 2.0, where assumed they all acted as cmd.exe, which command.com will not. [William Rowe] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94075 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Win32; Never invoke cmd or bat scripts based on the registry, even with 'ScriptInterpreterSource Registry' enabled, since I've discovered the registry is inconsistent between the versions of WinNT/2K/XP. [William Rowe] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94074 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Provide Win32 users a log of the cgi command invoked, to assist in debugging scripts, at LogLevel info. Also provide env vars at LogLevel debug for additional help to admins troubleshooting the ever mysterious "Premature end of script headers" error. Since this is the single most common cause of trouble reports on the newslist, at least this gives us something to point users at. [Aaron Bannert] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94073 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Add the 'CgiCommandArgs off' directive, to allow paranoid admins to disable the query argument passing mechanism in Apache. [Aaron Bannert] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94072 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 19, 2002
-
-
Lars Eilebrecht authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94022 13f79535-47bb-0310-9956-ffa450edef68
-
Bill Stoddard authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94021 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
PR: Obtained from: Submitted by: Reviewed by: CVSe ---------------------------------------------------------------------- git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94016 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 16, 2002
-
-
William A. Rowe Jr authored
Yes Cliff... this can go in changes too. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93975 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Resolve bugs introduced by my Rev 1.173, which attempted to close a type mismatch error. This truncation should now produce a random result, once again. PR 10090, 10185 Bug pinpointed by Jeroen Boomgaardt <jeroen@swissclue.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93974 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 14, 2002
-
-
Martin Kraemer authored
PR: 9932 Submitted by: Joshua Colvin <joshua@jammed.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93933 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 13, 2002
-
-
Roy T. Fielding authored
the wrong license. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93919 13f79535-47bb-0310-9956-ffa450edef68
-
Bradley Nicholes authored
configuration file errors to the logger screen rather than to the Apache screen. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93905 13f79535-47bb-0310-9956-ffa450edef68
-
Bradley Nicholes authored
configuration file errors to the logger screen rather than to the Apache screen. This allows Apache to shutdown cleanly and completely on an error condition without losing the error information that was written to the screen or requiring user interaction to close the Apache screen. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93904 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 09, 2002
-
-
Graham Leggett authored
buffer used while reading from the remote server in proxy was taken from ProxyReceiveBufferSize. These two functions were similar but not the same, thus the need for the split. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93821 13f79535-47bb-0310-9956-ffa450edef68
-
David McCreedy authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93809 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 08, 2002
-
-
Graham Leggett authored
wrong variable. PR: Obtained from: Submitted by: Geff Hanoian <geff@pier64.com> Reviewed by: Graham Leggett git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93803 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 06, 2002
-
-
Jim Jagielski authored
PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93724 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 05, 2002
-
-
Aaron Bannert authored
documents. PR: 9906, 10040 Obtained from: Tomas �gren <stric@ing.umu.se>, Dennis Lundberg <dennis.lundberg@mdh.se> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93712 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 02, 2002
-
-
Ben Laurie authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93675 13f79535-47bb-0310-9956-ffa450edef68
-
Ben Laurie authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93674 13f79535-47bb-0310-9956-ffa450edef68
-
Graham Leggett authored
to a remote server by default. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93670 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 01, 2002
-
-
Jim Jagielski authored
for the weekend to finalize some patches. Let's shoot for next week for the 1.3.24 release git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93667 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 28, 2002
-
-
Lars Eilebrecht authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93645 13f79535-47bb-0310-9956-ffa450edef68
-
Lars Eilebrecht authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93644 13f79535-47bb-0310-9956-ffa450edef68
-
Bradley Nicholes authored
the OS does not have pipe support git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93643 13f79535-47bb-0310-9956-ffa450edef68
-
Bradley Nicholes authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93641 13f79535-47bb-0310-9956-ffa450edef68
-
Bradley Nicholes authored
log rotation problem for NetWare since the NetWare OS does not support pipes and can therefore not use the RotateLog utility. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93640 13f79535-47bb-0310-9956-ffa450edef68
-
Justin Erenkrantz authored
I am of the mind that it should not be added, but I won't stop anyone if they garner 3 +1s from actual testing and feedback. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93638 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 27, 2002
-
-
Justin Erenkrantz authored
PR: 9915 Submitted by: Will Lowe <harpo@thebackrow.net> Reviewed by: Justin Erenkrantz git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93593 13f79535-47bb-0310-9956-ffa450edef68
-