Ruediger Pluem wrote:
+AP_DECLARE(apr_status_t) ap_body_to_table(request_rec *r, apr_table_t **table)
.....
I guess in the user of this function should advice the end user to carefully thing about setting LimitRequestBody. Otherwise this can be easily used for DoS.
Yes, I believe before 2.4.0/stable, we should replace this function with one powered by apreq, which has a more-streamy parser that handles much more without duplicating the entire body.
-Paul