Apache HTTP Server Request Library 2.04-dev Released The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the 2.04-dev release of libapreq2. This Announcement notes significant changes introduced by this release.
The package libapreq2-2.04_03-dev.tar.gz is released under the Apache License version 2.0. It is now available through the ASF mirrors http://httpd.apache.org/apreq/download.cgi http://httpd.apache.org/apreq/download.cgi and has entered the CPAN as file: $CPAN/authors/id/J/JO/JOESUF/libapreq2-2.04_03-dev.tar.gz size: 592748 bytes md5: 1f5dd762c877b716f3774d502f575196 libapreq2 is an APR-based shared library used for parsing HTTP cookies, query-strings and POST data. The package libapreq2-2.04_03-dev.tar.gz provides 1) version 2.0.20 of the libapreq2 library, 2) mod_apreq, a filter module necessary for using libapreq2 within the Apache HTTP Server, 3) the Apache::Request, Apache::Cookie, and Apache::Upload perl modules for using libapreq2 with modperl-2. ======================================================================== Changes with libapreq2-2.04-dev (released August 30, 2004) - Perl API [joes] Add TAINT checks, marking all parsed data as tainted. - C API [joes] Add body_status attribute to apreq_request_t, to allow the both environment and the parser to report any errors encountered. - C API [randyk, joes] Cookie parser was locking up on non-alphanumeric chars in cookie names. Also RFC Cookie attributes are always checked for quotes during bake(2), and the quotes are now stripped from incoming RFC cookies during parsing (but they are never stripped from the actual cookie value). - Perl API [joes] Apache::Cookie::Jar->new accepts a VALUE_CLASS argument, which effectively blesses all the jar's cookies into that class, which simplifies subclassing Apache::Cookie. Accordingly Apache::Cookie->freeze($value) no longer accepts a freeze()-able object in $value. - C API [Markus Wichitill, randyk, joes] Drop APR_DELONCLOSE from apreq_file_mktemp implementation and install apreq_file_cleanup. When passed to apr_file_open on Win32, APR_DELONCLOSE sets the FILE_SHARED_DELETE flag, which is, unfortunately, a property that is preserved across NTFS "hard" links. This breaks apps that link() the temp file to a permanent location, and subsequently expect to open it without FILE_SHARED_DELETE before the original tempfile is closed+deleted. In fact, even Apache::Upload does this, so it is a common enough event that the apreq_file_cleanup workaround is necessary. - C API [Ken Burcham, joes] Fix bug in url parser that occurs when a %XX-encoded sequence is split across multiple buckets. Added apreq_decode_decodev to make this problem less inconvenient. - Perl API [joes] Exception objects inherit from the object which raised it, which allows $@ to invoke its methods with impunity (exceptions are disabled for objects which derive from an exception class). - Perl API [joes] Implement HOOK_DATA and UPLOAD_HOOK. - Perl API [joes] Add safe XS wrappers for $table->add, $table->set, $table->STORE, and $table_class->new. - Perl API [joes] Add exceptions to $upload->link, $upload->tempname, $upload->slurp, and $cookie->set_attr. Return value of $upload->slurp is now the upload length. Also document new $upload->io. - C API [joes] Restrict all apr_status_t codes to APR_SUCCESS, APR_INCOMPLETE, APR_EGENERAL, APR_EINIT, APR_ENOTIMPL, since any others will generate confusing error messages from apr_strerror. - Perl API [joes] Added $upload->io with a TIEHANDLE API layered over APR::Brigade. $upload->fh remains implemented as an APR::PerlIO object, which is seekable but less efficient and currently suffers some portability issues associated with largefile support in perl and apr. - Perl API [joes] Added apreq_xs_croak for throwing APR::Error exceptions and included error-checking on $req->param, $req->args, $req->body, $req->upload, and $jar->get. - Perl API [joes] Added $jar->status, $req->args_status and $req->body_status to report parsing errors. Also add $upload->tempname per user request. - C API [joes] Dropped status attribute of apreq_value_t. Added status field to apreq_jar_t and added args_status field to apreq_request_t. Parsers also must return their public status code when a NULL brigade is passed. apreq_hook_disable_uploads() is also added. . This is an ABI change affecting all versions of libapreq2 prior to 2.0.12. - Perl API [joes] $upload->info returns a proper APR::Table object now. Also implemented $upload->size, $upload->fh, and $upload->type. - C API [Jean-François Meesse] mfd parser fails to parse CRLF-terminated files when the terminating boundary string is at the start of a new bucket. This is reportedly a common event for PDF files uploaded with Netscape 7. - Perl API [joes] Add back-compat support for Apache::Cookie->fetch() via Apache->request. - C API [joes] Add MaxBody, MaxBrigade, and TempDir per-dir directives to mod_apreq filter. - C API [joes] Replace free/tempnam dependency in apreq_file_mktemp() with apr_temp_dir_get(). Add additional gcc warning flags when --enable-maintainer-mode is set. - C API [joes, Scott Hutton] Replace apreq_brigade_copy with more effective APREQ_BRIGADE_COPY macro. Also introduce APREQ_BRIGADE_SETASIDE to deal with buckets that need to be set aside for use in future function calls. mod_ssl generates transient buckets which tickled this bug. - Perl API [joes] Separate Apache::Upload module from Apache::Request for better organization. -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html