of most confusion over cgi or fcgid failures, or even starting rotatelogs,
etc, when the server binaries have been relocated, pass the library path
as paired with the system PATH.
Of course, PATH and platform-specific library path(s) may be modified as
needed with mod_env, so there is no loss of functionality with this change.
The days of monolithic binaries are long gone, even on 1970's architectures,
and PATH should not be decoupled from the library path.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1000593 13f79535-47bb-0310-9956-ffa450edef68
When a script returns a no-body response code, pretend it was a HEAD
request so as to drop any body the script might erroneously generate.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@760167 13f79535-47bb-0310-9956-ffa450edef68
for our later call to ap_meets_conditions a few lines above. Having it put
in the merge table will fail as merge and r->err_headers_out get merged
AFTER our call to ap_meets_conditions. Besides of this having multiple
ETag headers (or a merged version of them) does not seem to make sense.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@541974 13f79535-47bb-0310-9956-ffa450edef68
ap_get_server_description().
High-level summary:
The full server version information is now included in the error log at
startup as well as server status reports, irrespective of the setting
of the ServerTokens directive.
Third-party modules must now use ap_get_server_banner() or
ap_get_server_description() in place of ap_get_server_version().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@440337 13f79535-47bb-0310-9956-ffa450edef68
bottom (APR/system) up -- we can't give the client a 64bit API and
then cast it to 32bits internally without introducing security holes
on other platforms.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105572 13f79535-47bb-0310-9956-ffa450edef68
Content-Range in r->headers_out, so that the byterange filter knows to
do nothing for a CGI script which produced a content-range.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103971 13f79535-47bb-0310-9956-ffa450edef68
because of the changes to the argument lists of apr_mmap_dup and apr_socket_create,
2.1-dev won't build with apr and apr-util's 0.9 branch anymore
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101154 13f79535-47bb-0310-9956-ffa450edef68
redirection target is not access protected and pass it
to scripts using the REDIRECT_REMOTE_USER environment variable.
PR: 10678, 11602.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100604 13f79535-47bb-0310-9956-ffa450edef68
ap_server_signature() against this cross-site scripting
vulnerability exposed by the directive 'UseCanonicalName Off'.
Also HTML-escape the SERVER_NAME environment variable for CGI
and SSI requests. It's safe to escape as only the '<', '>',
and '&' characters are affected, which won't appear in a valid
hostname. Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
[Brian Pane]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97064 13f79535-47bb-0310-9956-ffa450edef68
explicitly tell the server that warning messages should be sent
to the client in addition to being recorded in the error log.
Prior to this change, ap_log_rerror() always sent warning
messages to the client. In one case, a faulty CGI script caused
the server to send a warning message to the client that contained
the full path to the CGI script. This could be considered a
minor security exposure.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94744 13f79535-47bb-0310-9956-ffa450edef68
reads in mod_cgi: eof wasn't treated as an error condition when
reading the script headers, so we were delivering a 200 when a
CGI script produced no output.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94342 13f79535-47bb-0310-9956-ffa450edef68
