On Sun, 09 Sep 2007 11:41:53 +0200 Ruediger Pluem <[EMAIL PROTECTED]> wrote:
> > > On 09/08/2007 02:46 PM, wrote: > > Author: niq > > Date: Sat Sep 8 05:46:10 2007 > > New Revision: 573831 > > > > URL: http://svn.apache.org/viewvc?rev=573831&view=rev > > Log: > > Add option to escape backreferences in RewriteRule. > > PR 34602 and PR 39746 > > Patch by Guenther Gsenger The patch is in bugzilla. I applied it without modification because: * It fixes both the bugs listed. * The code looks good. I'm sure it could benefit from further refactoring, but I didn't want to spend more time on this than necessary. > I am a little bit unsure if this can have security implications in > some cases. I'd like to see an example of how it might affect security. > Does it make sense to duplicate code? Shouldn't this be placed in > util.c? Very likely. But that escalates it from a bugfix to an API change. > How about using apr_pstrndup instead? Indeed. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
