Re: mod_rewrite cookies

2008-07-19 Thread Ruediger Pluem
On 07/19/2008 06:08 PM, Nick Kew wrote: Reviewing the backport proposal in STATUS, it amounts to http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?r1=639465&r2=664330&pathrev=664330 It still seems to be at risk of generating a malformed cookie, if secure is unset (N

mod_rewrite cookies

2008-07-19 Thread Nick Kew
Reviewing the backport proposal in STATUS, it amounts to http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?r1=639465&r2=664330&pathrev=664330 It still seems to be at risk of generating a malformed cookie, if secure is unset (NULL) but httponly is set. Shouldn't it guar

Re: [PATCH] mod_session.c

2008-07-19 Thread Ruediger Pluem
On 07/19/2008 12:23 PM, David Shane Holden wrote: I was experimenting with mod_session a bit and ran into a segfault when a CGI script sets a cookie with a null value (e.g. "key="). Basically mod_session tries to do a sanity check on the null value by passing it to ap_unescape_all which is cau

[PATCH] mod_session.c

2008-07-19 Thread David Shane Holden
I was experimenting with mod_session a bit and ran into a segfault when a CGI script sets a cookie with a null value (e.g. "key="). Basically mod_session tries to do a sanity check on the null value by passing it to ap_unescape_all which is causing the segfault. But, if you look at the code th