2016-07-29 10:30 GMT+02:00 Stefan Eissing <[email protected]>:
> > > Am 28.07.2016 um 18:50 schrieb William A Rowe Jr <[email protected]>: > > > > On Thu, Jul 28, 2016 at 10:29 AM, Luca Toscano <[email protected]> > wrote: > > > > I'd really like to have more opinions from other readers of the list.. > > > > ++1, we've presented our thoughts, it would be good to have others chime > in. > > If we see CGI as a kind of input that is not strictly regulated by HTTP > header formats (and that is an if), we should correct timezone offset to > GMT, but otherwise leave the time unchanged. It might be our clock that has > the issue. Meddling with it will not help anyone debugging problems. > > If the value is unparseable, we should log it and suppress sending out a > "Last-Modified" completely. Also any "If-*" checking should behave as if > the header was not present. > > The alternative is to expect the CGI to honor HTTP/1.1 header semantics, > pass values unchanged and let CGI and client run into misunderstandings > immediately. > > all my personal opinion. restrictions for backward compat in 2.2/2.4 apply. > > -Stefan Thanks a lot for the feedback Stefan! At this point it seems to me that the best way forward is to amend the current trunk's code with a patch like this one: http://apaste.info/uHT The change tries to satisfy the following feedbacks: 1) A trace1 log about Last-Modified header replace actions is present (not too much verbose). 2) Some comments have been added in the code to state clearly that any non compliant datetime strings will not be interpreted or re-formatted. 3) ap_update_mtime and ap_set_last_modified will be the only functions responsible to check/update the Last-Modified header as it happens now. This seems to me a bit more efficient and we'd avoid replicating the same checks in two different places. 4) Any parsed value ending up in APR_DATE_BAD will be dropped. The logging message about the header replacement will not be as clear as it is now, but the compromise looks good to me. Wording of comments and logging can be changed of course, let me know if the english used is not correct or clear enough. Hope that this patch will be good for everybody. Comments are very welcome and appreciated :) Regards, Luca
