The problem that this patch solves is one where cookie names are mis-identified
by mod_usertrack. This is because of the use of strstr() in spot_cookie() in the
original mod_usertrack.c to find the name of the cookie. strstr(), by virtue of
looking for a substring instead of an exact match, can mis-identify the cookie
"MyID" as the cookie "ID" or "My". So, if you were looking for the value of the
cookie "ID", but only the cookie "MyID" was returned by the browser,
mod_usertrack.c would return the value of the "MyID" cookie in place of the
"ID" you were looking for.
Even more seriously, because strstr is invoked before the cookie name is
separated from its cookie value, a cookie and value like
"myCookie=thisisnotIDeal" will be a false positive if you told mod_usertrack
the cookie name was ID. Furthermore, using this example, "eal" will get logged
as the value of the cookie; now that strstr has incorrectly identified the
substring "ID" as the cookie name, the following "e" (assumed to be the "="
sign) gets discarded, and the remaining content used as the value of
the cookie.
Replacing the strstr() with a more robust regex match fixes this problem.
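
Added example, not part of the commit message or the httpd source: the substring lookup the message describes, next to an anchored POSIX regex lookup, run on the message's own cookie strings. The function names, the regex pattern and the sample header values are assumptions made for illustration.

```c
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Substring lookup as the message describes it, kept buggy on purpose. */
static int find_substr(const char *hdr, const char *name, char *out, size_t n)
{
    const char *p = strstr(hdr, name);      /* matches anywhere in the header */
    if (p == NULL)
        return 0;
    p += strlen(name);
    if (*p != '\0')
        p++;                                /* assumed '=', never checked */
    snprintf(out, n, "%.*s", (int)strcspn(p, ";"), p);
    return 1;
}

/* Name must start the header or follow ';' and be directly followed by '='. */
static int find_exact(const char *hdr, const char *name, char *out, size_t n)
{
    char pat[128];
    regex_t re;
    regmatch_t m[3];
    int found;
    for (const char *c = name; *c; c++)     /* keep regex metacharacters out */
        if (!isalnum((unsigned char)*c) && *c != '_')
            return 0;
    if (*name == '\0' || snprintf(pat, sizeof pat, "(^|;[ \t]*)%s=([^;]*)",
                                  name) >= (int)sizeof pat)
        return 0;
    if (regcomp(&re, pat, REG_EXTENDED) != 0)
        return 0;
    found = regexec(&re, hdr, 3, m, 0) == 0;
    if (found)                              /* group 2 holds the value */
        snprintf(out, n, "%.*s", (int)(m[2].rm_eo - m[2].rm_so), hdr + m[2].rm_so);
    regfree(&re);
    return found;
}

int main(void)
{
    /* Constructed Cookie header values built from the message's examples. */
    const char *hdrs[] = { "MyID=abc", "myCookie=thisisnotIDeal", "MyID=abc; ID=xyz" };
    char a[64], b[64];
    for (int i = 0; i < 3; i++)
        printf("%-26s substr=%s exact=%s\n", hdrs[i],
               find_substr(hdrs[i], "ID", a, sizeof a) ? a : "(none)",
               find_exact(hdrs[i], "ID", b, sizeof b) ? b : "(none)");
}
```
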
Paul J. Reder [Fri, 12 Sep 2003 19:28:47 +0000 (19:28 +0000)]
This fixes the cache code so that responses can be cached if they have
an Expires header but no Etag or Last-Modified headers. PR 23130.
Submitted by: <bjorn@exoweb.net>
Reviewed by: Paul J. Reder
Paul J. Reder [Thu, 11 Sep 2003 14:56:03 +0000 (14:56 +0000)]
Modified the cache code to be header-location agnostic. Also
fixed a number of other cache code bugs related to PR 15852.
Includes a patch submitted by Sushma Rai <rsushma@novell.com>.
This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
closing the PR since that is what they are using. [Paul J. Reder]
Simplify includes - we always (in HTTPD 2.1 forward) are looking
for the openssl/foo.h headers explicitly. Fix the abs.dsp build
to define HAVE_OPENSSL instead of USE_SSL so the correct headers
are included upfront.
revert my previous commit. when 2.0 and 2.1 were not in sync, i went with
what was in 2.0 because it was more recent, but it turns out that was
the wrong choice. reverts to 2.0 to follow
Resolve the ap_get_client_block() showstopper by looking at APR_BRIGADE_LAST
of what we get from ap_get_brigade and set a nugget for our next call to
pick up on.
Cliff Woolley [Thu, 28 Aug 2003 05:54:44 +0000 (05:54 +0000)]
Updated the various MPMs to use the new bucket_alloc_create_ex API
when necessary. Which is to say that it's necessary in all cases except
for prefork, where the change to apr-util to have it use the allocator
from the pool passed in is already sufficient.
Cliff Woolley [Thu, 28 Aug 2003 05:41:32 +0000 (05:41 +0000)]
axe some warnings:
mod_dav_lock.c:72: warning: no previous prototype for `dav_generic_get_lockdb_path'
locks.c: In function `dav_generic_really_open_lockdb':
locks.c:356: warning: unused variable `db'
locks.c: In function `dav_generic_load_lock_record':
locks.c:606: warning: unused variable `buf'
locks.c: In function `dav_generic_remove_lock':
locks.c:1081: warning: unused variable `buf'
André Malo [Thu, 28 Aug 2003 01:13:11 +0000 (01:13 +0000)]
cleanup the TOKEN_AND/OR tree generation code.
- check more exactly whether the previous token is correct
- flip the tree from left-weighted to right-weighted, which is
more natural and more efficient, since we don't need to loop
up to the root, but just until the next and/or token.
- that way, flip the short circuit evaluation again to cut
the right side now if possible...
André Malo [Wed, 27 Aug 2003 20:26:28 +0000 (20:26 +0000)]
hrm. reverting my last commit. TOKEN_GROUP is a protection against many
invalid expressions. Checking these all manually would take a lot more
cycles than it'd save. Sorry.
André Malo [Wed, 27 Aug 2003 19:32:35 +0000 (19:32 +0000)]
TOKEN_GROUP is nothing but an identity operator, it gateways the
result of the enclosed expression. Since this expression will never be
touched again during the tree-building stage, we can safely strip
TOKEN_GROUP from the tree and later evaluate the child directly.
The only side effect of this change is that grouped strings on the
left side of EQ/NE/etc are now allowed (was invalid before), which
is acceptable IMHO (e.g. (foo bar baz) = zzzip)
André Malo [Wed, 27 Aug 2003 18:00:47 +0000 (18:00 +0000)]
cleanup TOKEN_EQ, NE, LT & co tree generator:
- the left side of such an operator can *only* be a string
- get rid of the while-loop and re-organize the code
to better reflect what we're actually doing there
André Malo [Tue, 26 Aug 2003 00:32:03 +0000 (00:32 +0000)]
since our parse tree is left-weighted, the short circuit evaluation
is way more useful if we short circuit the left side. So evaluate
the right side first. This, however, reverses my statement about
regex optimization (you have to put them onto the right side of an
&& or || operator to get a chance that the left side will be cut).
André Malo [Mon, 25 Aug 2003 22:06:45 +0000 (22:06 +0000)]
readability improvement. Handle the case of the current token being the
first parsed explicitly. There's probably also a minor performance improvement
on invalid expressions ... ;-)
André Malo [Mon, 25 Aug 2003 16:05:13 +0000 (16:05 +0000)]
short circuit && and || evaluation. For backwards compat this is only
possible if there's no regex on the short circuited side (since it fills
in the backref data). The user may optimize this by putting the regex
onto the left side of the operator.
André Malo [Mon, 25 Aug 2003 03:30:50 +0000 (03:30 +0000)]
if the tokenizer hits a string which begins with a backslash, this
backslash will be skipped and not recognized as an escape character.
That way, <!--#if expr="\)"--> or the like won't work correctly.
Fix it now.
André Malo [Mon, 25 Aug 2003 00:16:04 +0000 (00:16 +0000)]
Ha! Wrote this combined tree dumper and consistency checker just for fun.
...and saw that the expression parser generates inconsistent trees under
some circumstances. So I've decided that the dumper code may be of public
interest :). The actual bugfixes will follow later.
Fixup IPv6 Listen statements on Linux by attempting to bind in the order
that getaddrinfo() returned to us and skipping binding to IPv4 addresses
if the previous bind was to an IPv6 of the same address and port.
Justin made some style changes, added a (struct in6_addr*) to make it compile
on *BSD as well as an attempt to make the addition of the listener to the list
a little more efficient.
André Malo [Sun, 24 Aug 2003 00:25:42 +0000 (00:25 +0000)]
cleanup the conditional expression parser for
- improved efficiency and memory footprint
- improved readability
- style
This includes an overhaul of the debugging macros, mostly
that they are not always in the way if one tries to understand
the code ;-)
André Malo [Sat, 23 Aug 2003 03:53:34 +0000 (03:53 +0000)]
don't waste memory, if someone configures another error message or
timeformat during runtime. The common case doesn't need max_string_len
at all and won't be configured more than one or two times.
André Malo [Sat, 23 Aug 2003 03:27:51 +0000 (03:27 +0000)]
overhaul of ap_ssi_parse_string
- improve efficiency and memory footprint (don't use the power-of-two
allocator)
- allow the combination of out = NULL && length = 0, which means that
the resulting expansion is unlimited in length