*) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
authorization provider in lua. [Stefan Fritsch]
+ *) core: Be less strict when checking whether Content-Type is set to
+ "application/x-www-form-urlencoded" when parsing POST data,
+ or we risk losing data with an appended charset. PR 53698
+ [Petter Berntsen <petterb gmail.com>]
+
*) httpd.conf: Added configuration directives to set a bad_DNT environment
variable based on User-Agent and to remove the DNT header field from
incoming requests when a match occurs. This currently has the effect of
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * core: make ap_parse_form_data less strict when checking for a correct
- Content-Type header when parsing POST, or we risk losing valid
- data with an appended charset.
- Submitted by: Petter Berntsen <petterb gmail com>
- (Changed since the original commit, hence the long list of revisions)
- PR: 53698
- trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1372054
- http://svn.apache.org/viewvc?view=revision&revision=1372055
- http://svn.apache.org/viewvc?view=revision&revision=1372305
- http://svn.apache.org/viewvc?view=revision&revision=1372349
- http://svn.apache.org/viewvc?view=revision&revision=1372419
- 2.4.x patch: http://people.apache.org/~rjung/patches/x-www-form-urlencoded-content-type-checking.patch
- +1: humbedooh, rjung, jim
- rjung: I added a combined 2.4.x patch for convenience, because the change
- is only one line
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
/* sanity check - we only support forms for now */
ct = apr_table_get(r->headers_in, "Content-Type");
- if (!ct || strcmp("application/x-www-form-urlencoded", ct)) {
+ if (!ct || strncasecmp("application/x-www-form-urlencoded", ct, 33)) {
return ap_discard_request_body(r);
}
projects / apache / commitdiff