stas 2003/08/22 16:16:41
Modified: . STATUS
Log:
$r anti-assassin code is available, so far only one assassin was found
Revision Changes Path
1.60 +8 -5 modperl-2.0/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/modperl-2.0/STATUS,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- STATUS 22 Aug 2003 20:04:53 -0000 1.59
+++ STATUS 22 Aug 2003 23:16:41 -0000 1.60
@@ -39,13 +39,16 @@
committed
Report: http://mathforum.org/epigone/modperl-dev/zehporbreh/[EMAIL PROTECTED]
- Status: waiting for Doug's review
+ Status: (stas) needs to be cleaned up and committed
----
-*
- Report:
- Status:
+* protect registry classes from bad scripts which try to assassinate $r
+ Report: http://marc.theaimsgroup.com/?l=apache-modperl-dev&m=106153785129782&w=2
+ Status: (stas) i'm not sure whether we really need this feature,
+ since it's the first time in the last 6 years we had a
+ problem with bad user code of this kind. let's keep it in
+ the patches until we have a real need for it.
