apache: core directive AllowEncodedSlashes release_20161211
author Clinton Ebadi <clinton@unknownlamer.org>
Mon, 12 Dec 2016 04:15:05 +0000 (23:15 -0500)
committer Clinton Ebadi <clinton@unknownlamer.org>
Mon, 12 Dec 2016 04:15:05 +0000 (23:15 -0500)
commit e2166ae8e506e3bd6f9a33e7c9d2ef0d367a4e12
tree 460cad788b04b2918dcaeaacab39395dab2a303c
parent 2db6d05db1941c978e200ef437e0b63a4ce9b14d
apache: core directive AllowEncodedSlashes

Allow members to set the safe NoDecode mode instead of unequivocally
rejecting URLs with encoded slashes. "On" is not supported because we do
not want to allow encoded URLs to access arbitrary directories (not sure
if it's paranoia, but the Apache docs discourage it).

https://bugzilla.hcoop.net/show_bug.cgi?id=1220
https://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes
lib/apache_options.dtl
src/plugins/apache.sml
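
The difference between the three modes named in the commit message, as an added example that is not part of this commit or of the project's code: a simplified Python model of how the Apache 2.4 documentation describes Off, On and NoDecode. The function names and the sample path are constructed for illustration.

```python
import re
from urllib.parse import unquote

MODES = ("Off", "On", "NoDecode")
# Splits on an encoded slash and keeps the matched text in the result.
ENCODED_SLASH = re.compile(r"(%2[fF])")


def decode_path(raw_path, mode):
    """Model the URL path the server works with; None stands for a 404."""
    if mode not in MODES:
        raise ValueError("unknown AllowEncodedSlashes value: %r" % mode)
    has_encoded_slash = ENCODED_SLASH.search(raw_path) is not None
    if mode == "Off":
        # Default: any URL carrying %2F is refused outright.
        return None if has_encoded_slash else unquote(raw_path)
    if mode == "On":
        # %2F is decoded like every other escape, so it becomes a real
        # path separator and changes the path's structure.
        return unquote(raw_path)
    # NoDecode: decode everything except %2F, which stays as written.
    parts = ENCODED_SLASH.split(raw_path)
    return "".join(p if i % 2 else unquote(p) for i, p in enumerate(parts))


def segments(path):
    """Path segments as a file or handler lookup would split them."""
    return [s for s in path.split("/") if s]


if __name__ == "__main__":
    # Constructed sample: one wiki page whose title contains a slash.
    raw = "/wiki/AC%2FDC%20live"
    for mode in MODES:
        seen = decode_path(raw, mode)
        print(mode, "->", seen, segments(seen) if seen else "404")
```

Under NoDecode the request keeps the two segments the client sent, while On turns the same request into three, which is the structural change the commit message declines to expose to members.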