diff options
author | Yann Ylavic <ylavic@apache.org> | 2024-07-17 22:50:12 +0200 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2024-07-17 22:50:12 +0200 |
commit | a1a93beb58b81f1de2b713ae5f96c41ed5952a74 (patch) | |
tree | a60e5fbce1f5fc2604b3254f307d338d14ed2920 /test/modules/tls/test_14_proxy_ssl.py | |
parent | core: Improve AP_REQUEST_ #defines. (diff) | |
download | apache2-a1a93beb58b81f1de2b713ae5f96c41ed5952a74.tar.xz apache2-a1a93beb58b81f1de2b713ae5f96c41ed5952a74.zip |
mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F. PR 69197.
Track in do_expand() whether a '?' in the uri-path comes from a literal in
the substitution string or from an expansion (variable, lookup, ...).
In the former case it's safe to assume that it's the query-string separator
but for the other case it's not (could be a decoded %3f from r->uri).
This allows to avoid [UnsafeAllow3F] for most cases.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919325 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'test/modules/tls/test_14_proxy_ssl.py')
0 files changed, 0 insertions, 0 deletions