You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by David Robinson <dr...@ast.cam.ac.uk> on 1995/10/03 14:47:00 UTC
More patches
15_urlchars.0.8.14.patch
Subject: Correctly reject bad and impossible URLs
Affects: httpd.h, util.c, http_request.c
ChangeLog: Reject bad % escapes with 400, and URL path segments containing
/ or \0
Comment: The two characters forbidden in a UNIX filename are / and \0.
This patch causes requests with these (% encoded) to be rejected,
rather than treating %2f as a segment separator, and treating %00
as the end of the URL.
16_alias.0.8.14.patch
Subject: Allow user control over trailing slash in alias
Affects: mod_alias.c, mod_dir.c
ChangeLog: Do not strip trailing slash from Alias arguments; correct test
for a trailing slash when redirecting /foo -> /foo/
Comment: Removing the trailing slash from Alias arguments meant that it
was impossible to (Script)Alias /foo and /foo/ differently.
I think there are sufficient patches pending that we need a new release,
1.0 notwithstanding.
David.