>>>>> "Randal" == Randal L Schwartz <[email protected]> writes:
>>>>> "Alex" == Alex Solovey <[EMAIL PROTECTED]> writes:
Alex> The problem is due to unescaped variable interpolation in regular
Alex> expression $uri =~ /$path_info$/ in sub namespace_from:
Randal> I don't want to raise too many alarms, but this means that every MP1
Randal> server has a denial-of-service attack against it now.
And MP2 as well, from ModPerl::RegistryCooker:
my $path_info = $self->{REQ}->path_info;
my $script_name = $path_info && $self->{URI} =~ /$path_info$/
? substr($self->{URI}, 0, length($self->{URI}) - length($path_info))
: $self->{URI};
Wonderful. Won't take long until this makes the rounds. Better start
getting the patches out and the press releases.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[email protected]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
