Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl
On May 8, 2017 18:15, "Jacob Champion" wrote: On 05/05/2017 04:42 PM, William A Rowe Jr wrote: > I've been similarly confused. It's obvious that the XML sources have no > context without the XSLT and build stack. > For XSLT, agreed. But as Andre points out there is a way to use the XML without the build stack, as long as you have a capable browser. There are a couple ways we could slice this, including pulling .XML out > from all the packages which won't ship the transformations. > I'm kind of hoping for the opposite of this -- push more of the context that belongs with the XML files into the httpd repo, and remove anything from the build repo that shouldn't be generalized to all branches of the documentation. Sounds like the right (if not simplest) approach.
Re: svn commit: r1792169 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/httpd.h modules/generators/mod_status.c modules/proxy/mod_proxy.c server/config.c server/util.c
On Thu, Apr 27, 2017 at 1:51 PM, Eric Covener wrote:
> On Fri, Apr 21, 2017 at 4:44 AM, wrote:
>> +/* A request that has passed through .htaccess has no business
>> + * landing up here.
>> + */
>> +if (ap_request_tainted(r, AP_TAINT_HTACCESS)) {
>> +return DECLINED;
>> +}
>> +
>
> If AllowOverride is enabled for the document root an d an htaccess is
> present, this renders /server-status unreachable, regardless of
> what's in the htaccess. If we're going to block this by default, we
> might as well just stop configuring it with SetHandler and then the
> taint checking is not needed.
>
> We also have in another thread the issue with RewriteRule ... [P] in
> htaccess being blocked. We need some kind of way to express a policy
> that will be unique to different handlers.
bump? Right now the only two protected handlers are blocking pretty
routine configurations.
Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl
On 05/05/2017 04:42 PM, William A Rowe Jr wrote: I've been similarly confused. It's obvious that the XML sources have no context without the XSLT and build stack. For XSLT, agreed. But as Andre points out there is a way to use the XML without the build stack, as long as you have a capable browser. There are a couple ways we could slice this, including pulling .XML out from all the packages which won't ship the transformations. I'm kind of hoping for the opposite of this -- push more of the context that belongs with the XML files into the httpd repo, and remove anything from the build repo that shouldn't be generalized to all branches of the documentation. --Jacob
Re: ACNA Miami: Who? When?
On 05/08/2017 08:00 PM, Jim Riggs wrote: > So, who all will be in Miami? From what I've seen on Sched and messages here: > > Yes : jimjag, rich, jfc, ruggeri, me > No : rowe, covener > > There are several other ACNA regulars who have been quiet around here lately. > Anyone else coming in? I'm giving a talk at ACNA, so I better be there :D I'll be there all week, might even have some surprises as usual (the old timers will know of what I speak...) > > I'll be there Sunday evening through Friday morning. I would update > https://wiki.apache.org/httpd/Face2Face like usual, but it got locked down > for spam. > > I'm up for a meal with any of you anytime. Also, contrary to the seeming > consensus on the hackathon thread a couple weeks ago (that I missed), I have > had a lot of luck pounding things out during random hacking sessions or down > times at the conference, most notably that > mod_cache-thundering-herd-lock-file issue that a group of us really hammered > on a couple years back. (It was absolutely killing me at work!) That said, > I'm always up for hacking on stuff with people, especially when it's > something nagging like that. >
ACNA Miami: Who? When?
So, who all will be in Miami? From what I've seen on Sched and messages here: Yes : jimjag, rich, jfc, ruggeri, me No : rowe, covener There are several other ACNA regulars who have been quiet around here lately. Anyone else coming in? I'll be there Sunday evening through Friday morning. I would update https://wiki.apache.org/httpd/Face2Face like usual, but it got locked down for spam. I'm up for a meal with any of you anytime. Also, contrary to the seeming consensus on the hackathon thread a couple weeks ago (that I missed), I have had a lot of luck pounding things out during random hacking sessions or down times at the conference, most notably that mod_cache-thundering-herd-lock-file issue that a group of us really hammered on a couple years back. (It was absolutely killing me at work!) That said, I'm always up for hacking on stuff with people, especially when it's something nagging like that.
