[ANNOUNCE] Apache::ASP v2.29

[Joshua Chamas <jo...@chamas.com>]

Hey,

Apache::ASP v2.29 has been released, CHANGES below, and you can 
get it in your local CPAN, or:

  http://www.perl.com/CPAN-local/modules/by-module/Apache/

There are some major bugs fixed in this release, that stem
from new work in the 2.25 release.  These bugs are about empty
$Sessions not getting garbage collected & POST requests over
fast LAN connections sometimes returning an empty web response
of 0 bytes.

There were other optimizations, features & bugfixes this
release.  Some big features are XML::LibXSLT support for 
XSLT rendering and support for running under "PerlTaintCheck On"
security config.

--Josh
_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051

CHANGES:

 +Added some extra help text to the ./cgi/asp --help message
  to clarify how to pass arguments to a script from the command line.

 +When using $Server->Mail() API, if Content-Type header is set,
  and MIME-Version is not, then a "MIME-Version: 1.0" header will be sent
  for the email.  This is correct according to RFC 1521 which specifies
  for the first time the Content-Type: header for email documents.
  Thanks to Philip Mak for pointing out this correct behavior.

 +Made dependent on MLDBM::Sync version .25 to pass the taint_check.t test

 +Improved server_mail.t test to work with mail servers were relaying is denied

 +Added <html><body> tags to MailErrorsTo email

 --Fixed SessionCount / Session_OnEnd bug, where these things were not
  working for $Sessions that never had anything written to them.
  This bug was introduced in 2.23/2.25 release.

  There was an optimization in 2.23/2.25 where a $Session that was never
  used does not write its state lock file & dbm files to disk, only if
  it gets written too like $Session->{MARK}++.  Tracking of these NULL $Sessions 
  then is handled solely in the internal database.  For $Session garbage 
  collection though which would fire Session_OnEnd events and update 
  SessionCount, the Apache::ASP::State->GroupMembers() function was just 
  looking for state files on disk ... now it looks in the internal database 
  too for SessionID records for garbage collection.

  Added a test at ./t/session_events.t for these things.

 +Some optimizations for $Session API use.

 +Added support for XSLT via XML::LibXSLT, patch courtesy of Michael Buschauer

 -Got rid of an warning when recompiling changing includes under perl 5.6.1...
  undef($code) method did not work for this perl version, rather undef(&$code) does.
  Stopped using using Apache::Symbol for this when available.

 -Make Apache::ASP script run under perl taint checking -T for perl 5.6.1...
  $code =~ tr///; does not work to untaint here, so much use the slower:
  $code =~ /^(.*)$/s; $code = $1; method to untaint.

 -Check for inline includes changing, included in a dynamic included
  loaded at runtime via $Response->Include().  Added test case for
  this at t/include_change.t.  If an inline include of a dynamic include
  changes, the dynamic include should get recompiled now.

 -Make OK to use again with PerlTaintCheck On, with MLDBM::Sync 2.25.
  Fixed in ASP.pm, t/global.asa, and created new t/taint_check.t test script

 +Load more modules when Apache::ASP is loaded so parent will share more
  with children httpd: 
   Apache::Symbol 
   Devel::Symdump 
   Config 
   lib 
   MLDBM::Sync::SDBM_File

 +When FileUploadMax bytes is exceeded for a file upload, there will not
  be an odd error anymore resulting from $CGI::POST_MAX being triggered,
  instead the file upload input will simply be ignored via $CGI::DISABLE_UPLOADS.
  This gives the developer the opportunity to tell the user the the file upload
  was too big, as demonstrated by the ./site/eg/file_upload.asp example.

  To not let the web client POST a lot of data to your scripts as a form
  of a denial of service attack use the apache config LimitRequestBody for the 
  max limits.  You can think of PerlSetVar FileUploadMax as a soft limit, and 
  apache's LimitRequestBody as a hard limit.

 --Under certain circumstances with file upload, it seems that IsClientConnected() 
  would return an aborted client value from $r->connection->aborted, so
  the buffer output data would not be flushed to the client, and 
  the HTML page would return to the browser empty.  This would be under
  normal file upload use.  One work-around was to make sure to initialize
  the $Request object before $Response->IsClientConnected is called,
  then $r->connection->aborted returns the right value.
  
  This problem was probably introduced with IsClientConnected() code changes
  starting in the 2.25 release.