You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2011/02/10 23:57:02 UTC
svn commit: r1069603 - /httpd/httpd/branches/2.2.x/STATUS
Author: wrowe
Date: Thu Feb 10 22:57:02 2011
New Revision: 1069603
URL: http://svn.apache.org/viewvc?rev=1069603&view=rev
Log:
Votes
Modified:
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1069603&r1=1069602&r2=1069603&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Feb 10 22:57:02 2011
@@ -174,7 +174,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
with reason string for why suEXEC is disabled)
Plz consider where doc for directive should go. Patch has it in core, as
enabling/disabling the basic capability is not split out into mod_unixd 2.2.x.
- +1: trawick, covener
+ +1: trawick, covener, wrowe
* mod_proxy_http: Become aware of ssl handshake failures when attempting
to pass request. Makes it so workers are put in error state when a
@@ -183,7 +183,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1039304
http://svn.apache.org/viewvc?view=revision&revision=1053584
2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=26450
- +1: rpluem, jim
+ +1: rpluem, jim, wrowe
* core: Add NoDecode option to AllowEncodedSlashes to turn off decoding
of encoded slashes in path info. (This is already the behavior of
@@ -192,11 +192,18 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Backport version for 2.2.x of patch:
http://people.apache.org/~poirier/AllowEncodedSlashes.22.patch
+1 poirier, jim
+ +.1 wrowe; this essentially causes "%2F" -> "%2F" -> "%252F" to any backend,
+ as mentioned previously trunk is broken and decoding to 'something'
+ is necessary for routing such. %2F cannot be distinguished from
+ %252F on the front end, adding risks. All this said, not against
+ an optional broken feature if this warning is placed in the docs.
+ Non-optional broken features are worse :)
+ Trunk must be patched identically.
* configure: add basic support to build with MinGW/MSYS (backport of r422182)
Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=422182
2.2.x patch: http://people.apache.org/~fuankg/diffs/r422182-2.2.x.diff
- +1 fuankg
+ +1 fuankg, wrowe
PATCHES/ISSUES THAT ARE STALLED
Re: svn commit: r1069603 - /httpd/httpd/branches/2.2.x/STATUS
Posted by Dan Poirier <po...@pobox.com>.
On Thu. 2011-02-10 at 05:57 PM EST, wrowe@apache.org wrote:
> Author: wrowe
> Date: Thu Feb 10 22:57:02 2011
> New Revision: 1069603
...
>
> * core: Add NoDecode option to AllowEncodedSlashes to turn off decoding
> of encoded slashes in path info. (This is already the behavior of
> @@ -192,11 +192,18 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
> Backport version for 2.2.x of patch:
> http://people.apache.org/~poirier/AllowEncodedSlashes.22.patch
> +1 poirier, jim
> + +.1 wrowe; this essentially causes "%2F" -> "%2F" -> "%252F" to any backend,
> + as mentioned previously trunk is broken and decoding to 'something'
> + is necessary for routing such. %2F cannot be distinguished from
> + %252F on the front end, adding risks. All this said, not against
> + an optional broken feature if this warning is placed in the docs.
> + Non-optional broken features are worse :)
> + Trunk must be patched identically.
Bill, patching trunk identically would change the behavior of
"AllowEncodedSlashes On" in trunk from not decoding %2F to decoding %2F.
Before doing that, I wanted to double-check that was the intention, and
make sure nobody else objected to that behavior change in trunk.
(Background for those who haven't been following along: In trunk,
AllowEncodedSlashes On does not decode %2F. In 2.2.x,
AllowEncodedSlashes On does decode %2F. The proposed patch to 2.2.x
would add another option in 2.2.x, AllowEncodedSlashes NoDecode, which
would allow the encoded slashes but not decode them.)
Dan