Re: MP 2.0.3 & Apache 2.2.3 -> auth tests fail

Gozer, This looks good to me. It fixes t/api/server_const.t and the test suite now/still passes 100% for me. Do you want to commit it or should I. Thats a +1 btw. FYI: FreeBSD 6.2-RELEASE gcc 3.4.6 perl 5.8.8 w/o ithreads httpd 2.2.4 ap(r,u) 1.2.8 w/o threads + apr_dbd_mysql and mysql

Re: MP1 Security issue

> "Fred" == Fred Moyer <[EMAIL PROTECTED]> writes: Fred> The changes are ready for review on the dev list. I can dig up some Fred> tuits to help with the release if needed, and I think we are pretty set Fred> there patch wise for anyone who needs something right away. Release*s* you mean? F

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

Philip M. Gollucci wrote: Perrin Harkins wrote: On 3/22/07, Andy Armstrong <[EMAIL PROTECTED]> wrote: $path_info = quotemeta $path_info; my $script_name = $path_info && $self->{URI} =~ /$path_info$/ You can in-line that to avoid clobbering the original: my $script_name = $path_inf

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

Perrin Harkins wrote: On 3/22/07, Andy Armstrong <[EMAIL PROTECTED]> wrote: $path_info = quotemeta $path_info; my $script_name = $path_info && $self->{URI} =~ /$path_info$/ You can in-line that to avoid clobbering the original: my $script_name = $path_info && $self->{URI} =~ /\Q$pa

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

On 3/22/07, Andy Armstrong <[EMAIL PROTECTED]> wrote: $path_info = quotemeta $path_info; my $script_name = $path_info && $self->{URI} =~ /$path_info$/ You can in-line that to avoid clobbering the original: my $script_name = $path_info && $self->{URI} =~ /\Q$path_info\E$/ - Perrin

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

On 23 Mar 2007, at 03:49, Fred Moyer wrote: Ok, help me out here Merlyn. Will this fix it? I assume it needs to be quoted like this: $path_info = quotemeta $path_info; my $script_name = $path_info && $self->{URI} =~ /$path_info$/ [EMAIL PROTECTED] ~/dev/modperl/mod_perl-2.0 $ sv

Re: MP1 Security issue

> "Fred" == Fred Moyer <[EMAIL PROTECTED]> writes: Fred> Ok, help me out here Merlyn. Will this fix it? No, you want /\Q$path_info\E$/ -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

Randal L. Schwartz wrote: "Randal" == Randal L Schwartz writes: "Alex" == Alex Solovey <[EMAIL PROTECTED]> writes: Alex> The problem is due to unescaped variable interpolation in regular Alex> expression $uri =~ /$path_info$/ in sub namespace_from: Randal> I don't want to raise too many ala

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

> "Randal" == Randal L Schwartz writes: > "Alex" == Alex Solovey <[EMAIL PROTECTED]> writes: Alex> The problem is due to unescaped variable interpolation in regular Alex> expression $uri =~ /$path_info$/ in sub namespace_from: Randal> I don't want to raise too many alarms, but this means

MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

> "Alex" == Alex Solovey <[EMAIL PROTECTED]> writes: Alex> The problem is due to unescaped variable interpolation in regular Alex> expression $uri =~ /$path_info$/ in sub namespace_from: I don't want to raise too many alarms, but this means that every MP1 server has a denial-of-service attack

Re: [mp1] PerlRun fails if path_info contains special symbols

On 3/22/07, Alex Solovey <[EMAIL PROTECTED]> wrote: The problem is due to unescaped variable interpolation in regular expression $uri =~ /$path_info$/ in sub namespace_from Would you be willing to try your hand at a patch? - Perrin

Re: Having problems installing mod_perl on Slackware

On 3/22/07, Eric Snyder <[EMAIL PROTECTED]> wrote: [ error] error running tests (please examine t/logs/error_log) What did you find in t/logs/error_log? - Perrin

Re: Having problems installing mod_perl on Slackware

I did a couple of things wrong. I changed to Apache 2.0.59 and I did not run ./configure on mod_perl. Make ran fine but I get the following when I run make test: Failed Test Stat Wstat Total Fail List of Failed ---

Re: reload modules for development environments on modperl2

Jeremy Wall wrote: I currently use Apache2::Reload on my development environments. However it's usefulness has been spotty particularly on win32 environments. Someone recently recommended Module::Refresh to me as an alternative. I was wondering in other peoples experience has been with modperl

reload modules for development environments on modperl2

I currently use Apache2::Reload on my development environments. However it's usefulness has been spotty particularly on win32 environments. Someone recently recommended Module::Refresh to me as an alternative. I was wondering in other peoples experience has been with modperl module reloaders an

Re: Timeout with $r->read?

On Wed, Mar 21, 2007 at 06:02:27PM -0800, Ewan Edwards wrote: > > So, I've create a response handler that uses $r->read to read the POST > body, separate out the lines and insert the data into a database. For > small POST bodies this works well (800 r/s or so on my test hardware). > > For larger

Re: Partial HTML

On Mar 22, 2007, at 11:40 AM, Anthony Gardner wrote: If Partial HTML is sent to the client, could it possibly cause the IO flush error? The HTML in question would be something like . and sent back thus are you running through a load balancer / proxy ? it could be on that end.

Re: Connection reset / aborted

On 3/16/07, Clinton Gormley <[EMAIL PROTECTED]> wrote: 1) What is the difference between connection reset and connection aborted I don't think there's a meaningful difference in this context. 2) What return code should I send Apache2::Const::OK? or what That's fine. If you want to log a

Re: the "User Pressed Stop Button" Case again

On 3/20/07, Kjetil Kjernsmo <[EMAIL PROTECTED]> wrote: We're seeing a lot of 500-errors on the backends, they are proxied. The errors we see are that on upload, we get "End of file found", and [Mon Mar 19 01:07:47 2007] [error] [client 213.236.208.101] (70007)The timeout specified has expired: a

Re: DProf - "Corrupting" __FILE__

On 3/20/07, Tristan Greaves <[EMAIL PROTECTED]> wrote: However, if DProf is enabled within Apache, I note that __FILE__ gets "corrupted": it no longer contains the name of the script. This sounds like a general problem with DProf. If you ask about it on perlmonks.org or usenet, you might get s

Re: Partial HTML

On 3/22/07, Anthony Gardner <[EMAIL PROTECTED]> wrote: If Partial HTML is sent to the client, could it possibly cause the IO flush error? The HTML in question would be something like . and sent back thus No, mod_perl doesn't know anything about HTML or care what content you send to t

[mp1] PerlRun fails if path_info contains special symbols

Hi, If I have a PerlRun script, e.g., http://localhost/test/script, and call it using a URL with special symbols like '(' in path_info, PerlRun fails with server error. For example, calling http://localhost/test/script/( produces this error: [Thu Mar 22 10:24:57 2007] [error] Unmatched ( in

Partial HTML

We're having some problems with the floowing errors Apache2 IO flush: (103) Software caused connection abort at -e line 0 child pid 31533 exit signal Segmentation fault (11) (not following each other like that. A lot of requests can be made before one of them appears) We are going to recom

Re: Having problems installing mod_perl on Slackware

On 3/22/07, Eric Snyder <[EMAIL PROTECTED]> wrote: You are saying to use Apache 2.0.59 rather than 2.2.4? Yes. - Perrin

Re: Having problems installing mod_perl on Slackware

The instructions said the -Uusethreads if I do not want thread support. If you need the threads support , run: % ./Configure -des -Dusethreads Most likely you don't want perl-support for threads enabled, in which cas