brian 98/06/30 01:08:35
Modified: src CHANGES Log: Correct attributions; trailing dots and trailing slashes had separate patches and I was getting confused. Revision Changes Path 1.941 +2 -2 apache-1.3/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.940 retrieving revision 1.941 diff -u -r1.940 -r1.941 --- CHANGES 1998/06/29 19:01:59 1.940 +++ CHANGES 1998/06/30 08:08:33 1.941 @@ -27,7 +27,7 @@ *) Win32 (security): Eliminate trailing "."s in path components. These are ignored by the Windows filesystem, and so can be used to bypass security. - [Ben Laurie, Alexei Kosut, W G Stoddard]. + [Ben Laurie, Alexei Kosut]. *) We now attempt to dump core when we get SIGILL. [Jim Jagielski] @@ -45,7 +45,7 @@ *) Win32 (security): Eliminate directories consisting of three or more dots; these are treated by Win32 as if they are ".." but are not detected by other machinery within Apache. This is something of a kludge but - eliminates a security hole. [W G Stoddard, Ben Laurie] + eliminates a security hole. [Manoj Kasichainula, Ben Laurie] *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses pools and thus pollutes libap (until the pool stuff is moved there).