You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by David Robinson <dr...@ast.cam.ac.uk> on 1995/10/03 14:47:00 UTC

More patches

15_urlchars.0.8.14.patch
  Subject: Correctly reject bad and impossible URLs
  Affects: httpd.h, util.c, http_request.c
  ChangeLog: Reject bad % escapes with 400, and URL path segments containing
             / or \0
  Comment: The two characters forbidden in a UNIX filename are / and \0.
           This patch causes requests with these (% encoded) to be rejected,
           rather than treating %2f as a segment separator, and treating %00
           as the end of the URL.

16_alias.0.8.14.patch
  Subject: Allow user control over trailing slash in alias
  Affects: mod_alias.c, mod_dir.c
  ChangeLog: Do not strip trailing slash from Alias arguments; correct test
             for a trailing slash when redirecting /foo -> /foo/
  Comment: Removing the trailing slash from Alias arguments meant that it
           was impossible to (Script)Alias /foo and /foo/ differently.

I think there are sufficient patches pending that we need a new release,
1.0 notwithstanding.

 David.