On Sat, Feb 21, 2009 at 1:23 PM, Bertrand Mansion <[email protected]> wrote: > Hello, > I was wondering why support of libapreq2 was removed from mod_lua? > > The way mod_lua currently deals with cookies, querystring and POST > data is not very robust nor complete. > Actually it would be nice to have something like libapreq2 available > in Apache directly :) I wouldn't be interested by the perl bindings or > the module, but the library itself would be very useful for mod_lua I > think, unless you have better plans for this functionalities?
The changes introduced in revision 723652 by pquerna broke the API (for the worse). It used to be possible to have two form fields with the same key, the values were returned in a table, now they are overwritten. Furthermore, the values are not escaped anymore. I really don't understand why support for libapreq was removed. Even the author of these changes calls them a bad and inefficient hack. As mentioned by someone else, they also open a DoS security hole. So again, if the author of these changes could let me know why he made them and what he had in mind, I would be thankful. (if that's not the place were I should ask, please let me know, that would explain why nobody replies)
