delta/apache/httpd.git/server/util_script.c, branch httpdunit github.com: apache/httpd.git After a long discussion in dev@ I reviewed my previous commit to only warn 2016-08-26T11:00:44+00:00 Luca Toscano elukey@apache.org 2016-08-26T11:00:44+00:00 df532849b09111aa77a1d427a562eb2644fc8ab1 the admins about Last-Modified header violations rather than trying to interpret datestrings (like the ones not in GMT). I also added explicit comments to summarize the current assumptions, so it will be easier for somebody in the future to modify the code. The following use cases are covered: 1) (F)CGI backend sends a Last-Modified header not in GMT and considered in the future by httpd (like now() in the EU/Paris timezone) 2) (F)CGI backend sends a Last-Modified header not in GMT and not considered in the future by httpd (like now() + 2 hours in the PST timezone) 3) (F)CGI backend sends a Last-Modified header in GMT but with a datetime in the future Suggestions and opinion are really welcome. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757818 13f79535-47bb-0310-9956-ffa450edef68 
the admins about Last-Modified header violations rather than trying
to interpret datestrings (like the ones not in GMT).

I also added explicit comments to summarize the current assumptions,
so it will be easier for somebody in the future to modify the code.

The following use cases are covered:
1) (F)CGI backend sends a Last-Modified header not in GMT and considered in the future by httpd (like now() in the EU/Paris timezone)
2) (F)CGI backend sends a Last-Modified header not in GMT and not considered in the future by httpd (like now() + 2 hours in the PST timezone)
3) (F)CGI backend sends a Last-Modified header in GMT but with a datetime in the future

Suggestions and opinion are really welcome.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757818 13f79535-47bb-0310-9956-ffa450edef68
Optimization to httpoxy workaround, for 2.4.23+ only. 2016-07-18T14:09:38+00:00 William A. Rowe Jr wrowe@apache.org 2016-07-18T14:09:38+00:00 dda46789197938a74d39b6e43d3427b1b50b1a4b Submitted by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1753229 13f79535-47bb-0310-9956-ffa450edef68 
Submitted by: ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1753229 13f79535-47bb-0310-9956-ffa450edef68
httpoxy workarounds, first draft patch as published for all 2.2.x+ sources 2016-07-18T14:07:00+00:00 William A. Rowe Jr wrowe@apache.org 2016-07-18T14:07:00+00:00 235ee2ff4097373c1ce72c17d375c0423fbd73e9 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1753228 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1753228 13f79535-47bb-0310-9956-ffa450edef68
Improve the FCGI/CGI Last-Modified header value handling. 2016-07-03T09:48:06+00:00 Luca Toscano elukey@apache.org 2016-07-03T09:48:06+00:00 edf1a4d4baf6897a75afca6b998be559fc69cbee Patch from Yann after a discussion on the dev@ mailing list. ap_scan_script_header_err_core_ex is now using apr_date_parse_rfc in order to recognize non-GMT datestr following RFC822/1123 and transforming them to GMT rather than replacing the value with GMT now (that could add httpd's processing time to the original value). Logging has also been improved from my initial solution. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1751138 13f79535-47bb-0310-9956-ffa450edef68 
Patch from Yann after a discussion on the dev@ mailing list. 
ap_scan_script_header_err_core_ex is now using apr_date_parse_rfc 
in order to recognize non-GMT datestr following RFC822/1123
and transforming them to GMT rather than replacing the value
with GMT now (that could add httpd's processing time to the
original value). Logging has also been improved from my initial
solution.
 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1751138 13f79535-47bb-0310-9956-ffa450edef68
Fixed typo in log message, wrong RFC mentioned. 2016-07-01T15:00:42+00:00 Luca Toscano elukey@apache.org 2016-07-01T15:00:42+00:00 0f18d85a321b67fa388140a7437a1c9d301d953b git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1750953 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1750953 13f79535-47bb-0310-9956-ffa450edef68
Fix indentation and extra spaces of my previous commit, apologies. 2016-06-30T07:09:46+00:00 Luca Toscano elukey@apache.org 2016-06-30T07:09:46+00:00 cc532cf385abe3871f6de2e0d66750a00c6493ec git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1750749 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1750749 13f79535-47bb-0310-9956-ffa450edef68
Log CGI/FCGI Last-Modified header value changes. 2016-06-30T07:00:31+00:00 Luca Toscano elukey@apache.org 2016-06-30T07:00:31+00:00 74900ee0c48ffb1244455462549d07da46a39688 The Last-Modified header coming from a backend FCGI/CGI script is inspected by util_script.c to enforce RFC2616 (https://tools.ietf.org/html/rfc2616#section-14.29). The Last-Modified header also needs to be compliant with RFC882/1123 as stated in https://tools.ietf.org/html/rfc2616#section-3.3.1, and one important assumption that httpd makes (correctly, as the RFC suggests) is to assume the GMT timezone. If the datestr returned by the FCGI/CGI script is set with a different timezone, then the value might be considered "in the future" and replaced with GMT now() as calculated by httpd. Adding a trace log might help sysadmins while debugging these kind of issues. This is a follow up of r1748379. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1750747 13f79535-47bb-0310-9956-ffa450edef68 
The Last-Modified header coming from a backend FCGI/CGI script is inspected
by util_script.c to enforce RFC2616 (https://tools.ietf.org/html/rfc2616#section-14.29).
The Last-Modified header also needs to be compliant with RFC882/1123 as stated in
https://tools.ietf.org/html/rfc2616#section-3.3.1, and one important assumption that
httpd makes (correctly, as the RFC suggests) is to assume the GMT timezone. If the datestr
returned by the FCGI/CGI script is set with a different timezone, then the value might be considered
"in the future" and replaced with GMT now() as calculated by httpd. Adding a trace log might
help sysadmins while debugging these kind of issues. This is a follow up of r1748379. 
  


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1750747 13f79535-47bb-0310-9956-ffa450edef68
Drop an invalid Last-Modified header value returned by a FCGI/CGI 2016-06-14T10:35:23+00:00 Luca Toscano elukey@apache.org 2016-06-14T10:35:23+00:00 f2c1f268b06a7a7985051ead4094044c90603c59 script instead tranforming it to Unix Epoch. This bug was mentioned in the users@ mailing list and outlined in the following centos bug: https://bugs.centos.org/view.php?id=10940 To reproduce the issue it is sufficient to connect mod-fastcgi to a PHP script that returns a HTTP response with the header "Last-Modified: foo". The header will be modified by script_util.c to "Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT". Dropping an invalid header in this case seems to be the most consistent and correct option in my opinion, plus it shouldn't break existing configurations. Returning Unix Epoch might be dangerous and should be avoided, but please let me know your opinions. Moreover this is my first commit outside the documentation court, I hope to have got the procedure right. This fix has been tested also with the 2.4.x branch. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1748379 13f79535-47bb-0310-9956-ffa450edef68 
script instead tranforming it to Unix Epoch.

This bug was mentioned in the users@ mailing list and outlined in
the following centos bug: https://bugs.centos.org/view.php?id=10940
To reproduce the issue it is sufficient to connect mod-fastcgi
to a PHP script that returns a HTTP response with
the header "Last-Modified: foo". The header will be modified by
script_util.c to "Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT".
Dropping an invalid header in this case seems to be the most
consistent and correct option in my opinion, plus it shouldn't
break existing configurations. Returning Unix Epoch might be
dangerous and should be avoided, but please let me know your opinions.
Moreover this is my first commit outside the documentation court,
I hope to have got the procedure right.
This fix has been tested also with the 2.4.x branch.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1748379 13f79535-47bb-0310-9956-ffa450edef68
Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen 2016-06-09T00:06:42+00:00 William A. Rowe Jr wrowe@apache.org 2016-06-09T00:06:42+00:00 f4cc76ee717004baf0f82a0aed1a0e02ffaeb10f git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1747469 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1747469 13f79535-47bb-0310-9956-ffa450edef68
Add CGIVar directive for configuring REQUEST_URI behavior 2016-03-14T15:42:45+00:00 Jeff Trawick trawick@apache.org 2016-03-14T15:42:45+00:00 9b6702a85c165ca6503f564b1653dc2e3f72404f The goal is to use this one directive to handle any configurable CGI variable behavior; only one CGI variable is supported initially. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1734947 13f79535-47bb-0310-9956-ffa450edef68 
The goal is to use this one directive to handle any configurable
CGI variable behavior; only one CGI variable is supported initially.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1734947 13f79535-47bb-0310-9956-ffa450edef68