diff options
| author | Chris Pepper <pepper@apache.org> | 2003-04-09 04:08:21 +0000 |
|---|---|---|
| committer | Chris Pepper <pepper@apache.org> | 2003-04-09 04:08:21 +0000 |
| commit | 849ccfac040eb956c0c6fa3339d5ef8378aea100 (patch) | |
| tree | e9127fc75204e9ca43630822c8b85b7bd9b00458 /docs/manual/style/manual.en.xsl | |
| parent | 25189e690aa9f5ed42960b8b822c1ddf56764a51 (diff) | |
| download | httpd-849ccfac040eb956c0c6fa3339d5ef8378aea100.tar.gz | |
Clarify some wording.
Note this change (as previously written, it implied that 1.3.5
had this vulnerability, which is not true). I'm not sure if
"httpd 2.0" is the preferred name.
- <p>Note that in versions previous to 2.0.46 no escaping has been performed
+ <p>Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
on the strings from <code>%...r</code>, <code>%...i</code> and
<code>%...o</code>. This was mainly to comply with the requirements of
the Common Log Format. This implied that clients could insert control
characters into the log, so you had to be quite careful when dealing
with raw log files.</p>
- <p>For security reasons starting with 2.0.46 non-printable and
+ <p>For security reasons, starting with 2.0.46, non-printable and
other special characters are escaped mostly by using
<code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
the hexadecimal representation of the raw byte. Exceptions from this
rule are <code>"</code> and <code>\</code> which are escaped by prepending
- a backslash, and all whitespace characters that are written in their
- C-notation (<code>\n</code>, <code>\t</code> etc).</p>
+ a backslash, and all whitespace characters which are written in their
+ C-style notation (<code>\n</code>, <code>\t</code> etc).</p>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99302 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual/style/manual.en.xsl')
0 files changed, 0 insertions, 0 deletions