On 2/13/2011 2:12 AM, Roy T. Fielding wrote: > On Feb 12, 2011, at 8:02 PM, Branko Čibej wrote: > >> On 12.02.2011 23:00, Graham Leggett wrote: >>> On 12 Feb 2011, at 10:23 PM, Roy T. Fielding wrote: >>> >>>>> As part of https://issues.apache.org/bugzilla/show_bug.cgi?id=16521, >>>>> we currently accept dates that are trailed by extra characters >>>>> without complaining. The following patch marks such dates as >>>>> APR_DATE_BAD. Does this patch make sense? >>>> >>>> No, we don't complain because some clients send dates with extra >>>> junk on the end, like Netscape did with the ugly ;len=size crap >>>> on the end of an IMS field. >>> >>> That was my gut feel, which is why I asked - if we've managed to get >>> as far as gleaning a date from the string, that should be good enough. >>> >>> I'll mark that part as wontfix. >> >> Sorry, how is this APR's problem? Shouldn't HTTPD do the nonstandard >> browser-specific request header parsing? By leaving this in, we condemn >> all other APR users to writing validation code. > > The code was developed for httpd and inherited by APR. If APR wants > to change its function, then define a new function name and leave > the old one as is.
Or add a PEDANTIC option flag?
