On Wed, Oct 31, 2001 at 02:50:54PM -0500, Rodent of Unusual Size wrote:
> > * The core input filter has no idea if it's working on
> > a request line or header line.
>
> Then I consider this perilously close to a showstopper
> for GA; the Limit* directives, which were added for a
> reason, appear worthless -- an unacceptable regression.
> Does even LimitRequestFields work at this point?

Yes, they are worthless because the core input filter has no way of knowing if it is working on a request, header, or body line. There is simply a call to ap_get_brigade with *readbytes == 0. That code has no way of knowing what the maximum request fields size is (it has no knowledge of HTTP).

This point was brought up by OtherBill and Aaron when we discussed the input filtering changes (i.e. maybe we should have a maximum). I think readline should be a distinct mode not an interpretation of the length (and the passed-in length can now be the max to read).

As Greg Ames pointed out, I'm not a fan of this commit, but it is an appropriate stopgap until something cleaner comes along.

-- justin
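
The idea raised in the message above (readline as a distinct mode, with the passed-in length as the maximum to read) sketched as an added example; it is not code from this thread or from httpd. Every type, function name and limit value in it is hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; this is not the httpd filter API. */
typedef enum { READ_BYTES, READ_LINE } read_mode;   /* mode is explicit, not len == 0 */
typedef enum { RD_OK, RD_INCOMPLETE, RD_TOO_LONG } read_status;
typedef struct { const char *data; size_t len, pos; } input_src;

/* Protocol-agnostic reader. `max` is always an upper bound on bytes consumed:
 * in READ_LINE mode it caps the search for LF. `out` must hold `max` bytes. */
read_status core_read(input_src *in, read_mode mode, size_t max,
                      char *out, size_t *outlen)
{
    const char *p = in->data + in->pos;
    size_t avail = in->len - in->pos;
    size_t n = avail < max ? avail : max;

    *outlen = 0;
    if (mode == READ_LINE) {
        const char *lf = memchr(p, '\n', n);
        if (lf == NULL)   /* no LF within the cap: over limit, or just short input */
            return avail >= max ? RD_TOO_LONG : RD_INCOMPLETE;
        n = (size_t)(lf - p) + 1;
    }
    memcpy(out, p, n);
    in->pos += n;
    *outlen = n;
    return RD_OK;
}

/* Constructed demo limits; a server would take them from its configuration. */
enum { MAX_REQUEST_LINE = 32, MAX_FIELD_SIZE = 24 };

/* HTTP layer: it knows which kind of line comes next, so it supplies the cap.
 * Returns 0 when the head fits, 414 for an oversized request line, 400 otherwise. */
int read_request_head(const char *raw, size_t rawlen)
{
    input_src in = { raw, rawlen, 0 };
    char buf[MAX_REQUEST_LINE];
    size_t n;
    read_status st = core_read(&in, READ_LINE, MAX_REQUEST_LINE, buf, &n);

    if (st != RD_OK)
        return st == RD_TOO_LONG ? 414 : 400;
    for (;;) {
        st = core_read(&in, READ_LINE, MAX_FIELD_SIZE, buf, &n);
        if (st != RD_OK)
            return 400;   /* oversized or truncated header field */
        if (n == 1 || (n == 2 && buf[0] == '\r'))
            return 0;     /* blank line ends the header block */
    }
}
```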