granicus.if.org Git - apache/commit

author	William A. Rowe Jr <wrowe@apache.org>
	Fri, 14 Oct 2016 20:48:43 +0000 (20:48 +0000)
committer	William A. Rowe Jr <wrowe@apache.org>
	Fri, 14 Oct 2016 20:48:43 +0000 (20:48 +0000)
commit	84ce5d25db7e83ad4103ea106a6f2256f618bc1c
tree	8c19ba9914d4f117324d39f092fcbad033599b9b	tree \| snapshot
parent	b610c3b0e3571bd93e7a7352204bdf1a01f55d7e	commit \| diff

Dropped the never-released ap_has_cntrls() as it had very limited
and inefficient application at that, added ap_scan_vchar_obstext()
to accomplish a similar purpose.

Dropped HttpProtocolOptions StrictURL option, this will be better
handled in the future with a specific directive and perhaps multiple
levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there
are no control characters or whitespace within the URI.

Changed the scanning of the response header table by check_headers()
to follow the same rulesets as reading request headers. Disallow any
CTL character within a response header value, and any CTL or whitespace
in response header field name, even in strict mode.

Apply HttpProtocolOptions Strict to chunk header parsing, invalid
whitespace is invalid, line termination must follow CRLF convention.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1764961 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/core.xml		diff \| blob \| history
modules/http/http_filters.c		diff \| blob \| history
server/core.c		diff \| blob \| history
server/gen_test_char.c		diff \| blob \| history
server/protocol.c		diff \| blob \| history
server/util.c		diff \| blob \| history