CHANGES

List of major changes.

Changes with libapreq2-2.18 (in development)

Changes with libapreq2-2.17 (released 25 August, 2022)

  • Multipart header parser [Yann Ylavic] Rework apreq_parse_headers() to discard CRLF of folded values.

Changes with libapreq2-2.16 (released 17 March, 2021)

  • Build [Steve Hay] Fix file attribute for modules listed as provided in META.yml.

Changes with libapreq2-2.15 (released 17 November, 2020)

  • SECURITY: CVE-2019-12412 (cve.mitre.org) C API [Max Kellermann] Fix a NULL pointer dereference when parsing malformed multipart data in apreq_parse_multipart().
  • C API [Yann Ylavic] In apreq_brigade_concat(), fix memory handling and create the FILE bucket correctly.
  • Build [Petr Pisar] Fix "make release" on Unix.

Changes with libapreq2-2.14 (not released)

  • Build [stevehay] Fix httpd-2.4.x build for Win32.
  • Build [Richard M Kandarian] Fix debug build for Win32.
  • C API [joes] Fix mod_apreq2's config merging.
  • Perl glue Updated license info in META.yml Updated documentation for Apache2::Cookie

Changes with libapreq2-2.13 (released December 3, 2010)

  • HTTP Only Cookie [Robert Stone & Adam Prime] The C and Perl Cookie APIs now support an HttpOnly flag to tell user agents to deny client-side script access to the cookie

Changes with libapreq2-2.12 (released March 13, 2009)

  • C API [joes] Make the cookie parser a little more flexible.

Changes with libapreq2-2.11 (not released)

  • Interactive CGI module [issac] Allow cgi module to interactively prompt for parameters and cookies when running a script from the command line and not from a CGI interface

Changes with libapreq2-2.10 (not released)

  • Perl Glue [joes] Fix the linking of the perl modules to libapreq2 and libapr on Solaris.
  • Perl Glue [joes] Fix install-time linking issue of the .so modules. Previously they would remain linked against the src library path, not the install path.
  • C API [joes] Add optional interface for apreq_handle_apache2().
  • C API [joes] Clean up buggy apreq_hook_find_param().
  • Perl Glue Build [Philip M. Gollucci] config.status format changed format yet again in autoconf 2.62+.
  • License [Mladen Turk] Add libapreq.rc and generate libapreq.res
  • Build [Mladen Turk] Add APREQ_DECLARE_EXPORT/APREQ_DECLARE_STATIC in the same way as APR declares so that dllexport/dllimport get correctly handled.
  • Build [Randy Kobes] Add appropriate manifest command to embed manifest files on Win32 when using VC8
  • C API [Andy Grundman, joes] Add missing bytes_read initializer to apreq_handle_custom().
  • C API [suggested by Vinay Y S, tested by Steve Hay and Peter Walsham] For Win32, remove the flag |= APR_FILE_NOCLEANUP | APR_SHARELOCK; in apreq_file_cleanup, to avoid problems with file uploads.

Changes with libapreq2-2.09 ( not released)

  • C API [joes] Fix leak associated to calling apreq_brigade_fwrite() on an upload brigade.
  • Build [Philip M. Gollucci] SunOS (Solaris) Users must use gmake not make for building.
  • Build [Philip M. Gollucci] SunOS (Solaris) Code around bug in libtool (at least in 1.5.18, 1.5.20, 1.5.22) causing mod_apreq2 to be built instead of mod_apreq2.so
  • C API [Philip M. Gollucci] Fix comparison signed vs unsigned comparison in apreq_fwritev() on SunOS/gcc where iovec.iov_len is a long.
  • Build [Philip M. Gollucci] SunOS (Solaris) fix duplicate link error to libexpat.so – by using the one from httpd exclusively now.
  • Build [Philip M. Gollucci] code around |#_!!_#| autoconf 2.60 bug.

Changes with libapreq2-2.08 (released August 8, 2006)

  • Perl API [Randy Kobes] add APR_FILE_NOCLEANUP | APR_SHARELOCK to flags passed to apreq_file_mktemp() on Win32 in library/util.c, in order to clean up occasional stray temp files left behind in the Perl upload test (reported by Steve Hay)
  • Build [Philip M. Gollucci, Bojan Smojver, joes] make input brigade volatile in order to give hints to GCC https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193740 This fixes an infinite look split_on_bdry() of library/parser_multipart.c particularly on linux/gcc 4.x platforms.
  • Perl Glue Fix "value computed not used" gcc 4.1.x compile errors
  • Build [Randy Kobes] Fix the location of apxs and the names of the apr and aprutil libraries on Win32 to enable building against Apache/2.2.
  • Perl Glue docs [Philip M. Gollucci] Fix the 'docs_install' make target to actually install the docs for the perl glue.
  • Perl Glue Build [Philip M. Gollucci] Regenerate glue/perl/xsbuilder/ppport.h to fix perl 5.8.8+ on some plaforms.
  • C API [joes] Add code for apreq_cookies().
  • Perl API [joes] Expose the constants in apreq_error.h via the APR::Request::Error package.

Changes with libapreq2-2.07 (released February 12, 2006)

  • C API [joes] SECURITY: CVE-2006-0042 (cve.mitre.org) Eliminate potential quadratic behavior in apreq_parse_headers() and apreq_parse_urlencoded().
  • Perl API [Philip M. Gollucci] Fix Apache2::Cookie->cookies() to comply with its documentation
  • C API [Philip M. Gollucci] Use the APREQ_DEFAULT_READ_LIMIT constant for the read_limit
  • C API [Ville Skyttń, Dirk Nehring] Add explicit cast in apreq_escape()/apreq_util.h to keep C++ compilers happy.
  • C API [joes] Protect against arbitrary recursion depth in apreq_parse_multipart() by adding a reasonable compile-time MAX_LEVEL limit.
  • C API [joes] Clean up end-of-file parsing for apreq_parse_multipart(), conforming to rfc-2046 ž 5.1.1.
  • Perl API [joes] Move APR::Request::Param::Table and APR::Request::Cookie::Table packages to APR::Request module.
  • Perl XS [Steve Hay] Fix compile problems on Win32 without PERL_IMPLICIT_SYS related to link being an unresolved symbol.
  • Perl API [joes] APR::Request::Cookie::thaw() isn't a class method.
  • C API [joes] Fix off-by-one bug in the continuation-lines portion of the header parser.
  • Perl API [joes] Move APR::Request::upload to APR::Request, where it belongs.
  • Perl XS [Nikolay Ananiev] Use MP_STATIC declarations to allow Cygwin builds.
  • Perl API [joes] encode()/decode() were busted with zero-length args. This caused Apache2::Cookie::new() to segfault on cookie value of "".
  • C API [joes] Add apreq_charset_divine() and eliminate charset offset from return value of apreq_decode(v).
  • C API [joes] Improve the cp1252-charset heuristics for apreq_decode(v).
  • C API [Ralph Mattes] Add explicit casts for apreq_param_charset_* to keep c++ compilers happy.

Changes with libapreq2-2.06-dev (released July 20, 2005)

  • C API [Marc GrÓcia, joes] Fix apreq_decode(v) when iso-latin-1 chars appear at the end of an encoded string.
  • Perl API [Philip M. Gollucci] Fix "Attempt to free temp prematurely" error in apreq_xs_croak().
  • C API [Philip M. Gollucci] Add mod_apreq2 to httpd's server tokens.
  • Perl API [joes] Drop support for $req->env(), which also died with 2.05-dev.
  • Perl API [joes] Support for table set/add/delete methods is formally withdrawn. Technically this feature died with the module API refactoring in 2.05-dev.
  • C API [max] Right-hand limit of apreq_brigade_move() is declared as "excluding", but APR_RING_UNSPLICE() wants an "including" right-hand limit. Fixed this by passing the previous bucket.
  • Perl API [joes] Drop support for Apache2::Request::new's HOOK_DATA. UPLOAD_HOOK now takes only two arguments: ($upload, $data).
  • Perl API [joes] Drop support for Apache2::Cookie::Jar::new's VALUE_CLASS. 2.05-dev broke that API, and it's not worth trying to fix. People who need that should use APR::Request::Cookie::Table's cookie_class() API instead.
  • Perl API [joes] Fix cookie domain/path munging in Apache2::Cookie::new().

Changes with libapreq2-2.05-dev (released May 5, 2005)

  • Win32 build [Randy Kobes] Have top-level 'nmake', 'nmake test', and 'nmake install' targets, respectively, also include building, testing, and installing the corresponding perl glue targets.
  • C API [geoff] Minimum httpd version is now 2.0.48, which includes the official apr 0.9.4 release.
  • C API [Max Kellermann] Fix apreq_quote.
  • Perl API [joes] Remove Apache2::Request::args. WARNING: through inheritance, args() now maps to Apache2::RequestRec::args. Folks that want the pre-2.05-dev behavior need to invoke APR::Request::args by name.
  • C API [joes, Max Kellermann] Add apreq_initialize, apreq_pre_initialize and apreq_post_initialize. These are not thread-safe operations, so applications need to ensure they are invoked (in the correct sequence) prior to using any apreq2 modules.
  • C, Perl API [joes] Add pool, bucket_alloc to apreq_handle_t.
  • Perl API [joes] Drop $data argument from UPLOAD_HOOK, and also drop HOOK_DATA option. Perl folks should use a closure instead of passing in context data.
  • Perl API [joes] Move bake, bake2 to Apache2::Cookie, now requiring an extra $r argument. Also ""-operator is mapped to as_string() for Apache2::Cookie; but APR::Request::Cookie maps it to value().
  • C API [joes] Remove header_in & header_out from apreq_module_t. Remove apreq_ua_cookie_version() and apreq_cookie_bake*(). Remove cookie2 argument to apreq_handle_custom().
  • C API [joes] s/APREQ/APREQ2/g in webserver configuration directives.
  • C API [Igor Shevchenko, Philip Gollucci] Fix segfault in mfd parser caused by parts w/ empty param names.
  • C API [joes] Add apreq_cp1252_to_utf8().
  • C, Perl API [joes] Add charset support for params and couple the SvUTF8 flag to the param's taint flag.
  • C API [joes] Replace v->size with v->nlen + v->dlen. Added supporting apreq_value_table_add().
  • C API [joes] Remove apreq_cookie_attr().
  • C API [joes]
    • Add apreq_error.h, apreq_module.h.
    • Rename apreq_run* and apreq_make* funcs to conform with apreq_$obj_$meth scheme.
    • Replace c->version & c->secure with flags.
    • Parsers are assumed to be working with external data, so the cookies & params they produce are marked tainted.
  • C API [joes] apreq_parse_cookie_header() failed to parse RFC Cookie headers which contained no space chars after the '$Version=1' preamble.
  • C API [joes] Reorganize around include/, library/, and module/ dirs.
  • C Tests [joes] Replace CuTest-based tests with custom TAP-compliant framework.
  • C API [Max Kellermann] Continue the API improvements:
    • Convert APREQ_RUN_PARSER and APREQ_RUN_HOOK to inline, and downcase them.
    • Remove apreq_memmem.
    • Convert apreq_(un)escape to inline.
    • apreq_escape does not create an apreq_value_t*.
    • Initialize default_parsers explicitly to NULL.
    • Convert APREQ_BRIGADE_COPY to inline, and downcase it.
    • Lowercase APREQ_BRIGADE_SETASIDE, APREQ_BRIGADE_COPY.
    • Convert apreq_cookie_name and apreq_cookie_value macros to inline.
    • Convert apreq_param_name, apreq_param_value, apreq_param_info, and apreq_param_brigade to inline.
  • C API [joes] Widespread API refactorization to remove apreq_jar_t and apreq_request_t:

    • Header includes reorganized; apreq_parsers.h added (back again).
    • Replaced apreq_jar_t and apreq_request_t with single apreq_env_handle_t.
    • Added const qualifier to "v" attribute of apreq_cookie_t and apreq_param_t.
    • Use union type-puns to drop const qualifiers inside the new apreq_value_to_cookie and apreq_value_to_param implementations (gcc generates same object code as the macro versions did).
    • Moved "flags" attribute from apreq_value_t to apreq_cookie_t and apreq_param_t.
    • Remove env argument from hooks and parsers.
    • Reduce apreq_env_module to minimal set of operations.
    • Replace apreq_log calls with apreq-specific error codes.
    • Hooks are called on each body param now, not just during file uploads.
    • Tie the cgi handle to its creator pool.

    Detailed changes by header file:

    [apreq.h]

    • Remove flags from apreq_value_t.
    • Remove const qualifier from apreq_value_t's "name" attribute.
    • Remove apreq_value_merge* and apreq_value_copy*.
    • Remove apreq_char_to_value, apreq_strtoval, and apreq_strlen.
    • Move apreq_enctype to apreq_env.h.
    • Move apreq_env_handle_t struct definition to apreq_env.h
    • Change signature of apreq_decode.
    • Move apreq_brigade_concat here, changed its signature and improved it alot.
    • Remove apreq_brigade_spoolfile.
    • Dropped APREQ_*_ENCTYPE, renamed some APREQ_$foo defaults APREQ_DEFAULT_$foo.
    • Added APREQ_ERROR_*.

    [apreq_cookie.h]

    • Remove apreq_env.h include.
    • Remove apreq_jar_t.
    • Add "flags" to apreq_cookie_t, add const qualifier to its "v" attr.
    • Remove apreq_jar* functions.
    • Add apreq_parse_cookie_header.
    • Move apreq_cookie, apreq_cookie_bake(2), and apreq_ua_cookie_version to apreq_env.h.

    [apreq_params.h]

    • Remove apreq_env.h include.
    • Remove apreq_request_t.
    • Add "flags" to apreq_param_t, and const qualifier to its "v" attr.
    • Rename "bb" attribute "upload" in apreq_param_t.
    • Remove apreq_request* functions.
    • Remove apreq_parse_request.
    • Changed apreq_decode_param signature.
    • Replace env argument with apr_table_t in apreq_params_as_array, apreq_params_as_string,
    • Move remaining apreq_param* to apreq_env.h.
    • Move parser and hook subsubsections to apreq_parsers.h.
    • Change apreq_upload(s) old apreq_request_t arg to apr_table_t.

    [apreq_parsers.h]

    • Acquire the hook and parser subsubsections of original apreq_params.h.
    • Remove env argument from APREQ_PARSER_ARGS and APREQ_HOOK_ARGS
    • Augment apreq_hook_t and apreq_parser_t to replace missing env features.
    • Change apreq_make_parser and apreq_make_hook signatures.
    • Rename apreq_add_hook to apreq_parser_add_hook, returning apr_status_t.
    • Change apreq_parser signature.

    [apreq_env.h]

    • Remove read, log, pool, bucket_alloc, request, jar, and query_string methods.
    • Include apreq_parsers.h.
    • Reorganize apreq_env_module_t to provide hook, parser, jar, args, & body table ops.
    • Rename max_brigade to "brigade_limit", max_body to "read_limit".
    • Change related module sigs, including temp_dir, to get/set methods.
    • Add parser and read_limit args to apreq_env_make_custom_handle.
    • Drop "name" arg and APREQ_ENV_MODULE =~ s/_ENV//.
    • s/apreq_env_make/apreq_handle/ in the handle constructor names.

    [mod_apreq.c, apreq_env_apache2.h]

    • Changed APREQ_Max* configs to APREQ_BrigadeLimit and APREQ_ReadLimit.
    • Handle constructor renamed apreq_handle_apache2.
  • C API [joes] Make our "libtool current interface" number depend on apr's major number. This allows libapreq2 to be installed into a system-wide location while avoiding ABI conflicts arising from our apr-based interfaces.
  • C API [Max Kellermann] Introduce apreq_env_handle_t to replace the void *env usage. Also added apreq_env_custom for making private handles, and new apreq_env_apache2.h to let mod_apreq export apreq_env_make_apache2.
  • C API [Max Kellermann] Rename apreq_env_t to apreq_env_module_t, to prepare for a new thread-safe apreq_env API.
  • C API [Max Kellermann] mod_apreq must check the return value of apreq_brigade_concat to avoid a RAM-consuming infinite loop. A bad APREQ_TempDir setting can cause this situation.
  • C API [joes] Provide workaround for chunked trailers bug in ap_http_filter.
  • C, Perl API [joes] Several upload-related bugfixes: 1) apreq_upload and apreq_uploads did not search the full body table, 2) $upload->slurp and $io->read did not autovivify the resultant string.
  • C API [joes] Add "flags" attribute to apreq_value_t, planning for charset support. This is an ABI change, starting with libapreq2.so.2.0.24.
  • C API [joes] Add apreq_env_bucket_alloc() to get an allocator directly from the environment instead of creating them from a pool. This is an ABI change, starting with libapreq2.so.2.0.23.
  • Build system [joes] Add –with-apache2-httpd option so users can override apxs's notion of where the httpd executable is. XSBuilder's header parser runs from buildconf now instead of configure, so we will include those tables in the release tarball. buildconf gets an additional –with-perl option for running the xsbuilder.pl parsing script. The XS generation code in xsbuilder.pl has moved to glue/perl/Makefile.PL.
  • Perl API [joes] Allow ctors for Apache::Cookie, Apache::Cookie::Jar and Apache:::Request to accept Apache::Request objects (instead of requiring an Apache::RequestRec object). This thread details the bug http://thread.gmane.org/gmane.comp.apache.mod-perl/15727
  • C API [Bojan Smojver] Bake cookies with err_headers_out so they are sent on non-2xx server responses (ie. a 304 redirect). Also ensure that headers are copied with apr_table_add instead of apr_table_addn. Since apreq_cookie_bake() allocates from the stack, the Set-Cookie headers would occasionally get mangled without this patch.
  • C API [joes] Add apreq_register_parser(), which allows users to add their own parsers to apreq_parser()'s recognized MIME types.
  • C API [joes] Support "multipart/mixed" file uploads. Support XForms' "multipart/related" enctype.
  • C API [joes] Add apreq_hook_apr_xml_parser(), which is a simple wrapper hook around APR's expat-based apr_xml_parser. Add a generic parser apreq_parse_generic() to parse arbitrary enctypes using the hook API.

Changes with libapreq2-2.04-dev (released August 30, 2004)

  • Perl API [joes] Add TAINT checks, marking all parsed data as tainted.
  • C API [joes] Add body_status attribute to apreq_request_t, to allow the both environment and the parser to report any errors encountered.
  • C API [randyk, joes] Cookie parser was locking up on non-alphanumeric chars in cookie names. Also RFC Cookie attributes are always checked for quotes during bake(2), and the quotes are now stripped from incoming RFC cookies during parsing (but they are never stripped from the actual cookie value).
  • Perl API [joes] Apache::Cookie::Jar->new accepts a VALUE_CLASS argument, which effectively blesses all the jar's cookies into that class, which simplifies subclassing Apache::Cookie. Accordingly Apache::Cookie->freeze($value) no longer accepts a freeze()-able object in $value.
  • C API [Markus Wichitill, randyk, joes] Drop APR_DELONCLOSE from apreq_file_mktemp implementation and install apreq_file_cleanup. When passed to apr_file_open on Win32, APR_DELONCLOSE sets the FILE_SHARED_DELETE flag, which is, unfortunately, a property that is preserved across NTFS "hard" links. This breaks apps that link() the temp file to a permanent location, and subsequently expect to open it without FILE_SHARED_DELETE before the original tempfile is closed+deleted. In fact, even Apache::Upload does this, so it is a common enough event that the apreq_file_cleanup workaround is necessary.
  • C API [Ken Burcham, joes] Fix bug in url parser that occurs when a XX-encoded sequence is split across multiple buckets. Added apreq_decode_decodev to make this problem less inconvenient.
  • Perl API [joes] Exception objects inherit from the object which raised it, which allows $@ to invoke its methods with impunity (exceptions are disabled for objects which derive from an exception class).
  • Perl API [joes] Implement HOOK_DATA and UPLOAD_HOOK.
  • Perl API [joes] Add safe XS wrappers for $table->add, $table->set, $table->STORE, and $table_class->new.
  • Perl API [joes] Add exceptions to $upload->link, $upload->tempname, $upload->slurp, and $cookie->set_attr. Return value of $upload->slurp is now the upload length. Also document new $upload->io.
  • C API [joes] Restrict all apr_status_t codes to APR_SUCCESS, APR_INCOMPLETE, APR_EGENERAL, APR_EINIT, APR_ENOTIMPL, since any others will generate confusing error messages from apr_strerror.
  • Perl API [joes] Added $upload->io with a TIEHANDLE API layered over APR::Brigade. $upload->fh remains implemented as an APR::PerlIO object, which is seekable but less efficient and currently suffers some portability issues associated with largefile support in perl and apr.
  • Perl API [joes] Added apreq_xs_croak for throwing APR::Error exceptions and included error-checking on $req->param, $req->args, $req->body, $req->upload, and $jar->get.
  • Perl API [joes] Added $jar->status, $req->args_status and $req->body_status to report parsing errors. Also add $upload->tempname per user request.
  • C API [joes] Dropped status attribute of apreq_value_t. Added status field to apreq_jar_t and added args_status field to apreq_request_t. Parsers also must return their public status code when a NULL brigade is passed. apreq_hook_disable_uploads() is also added.

    This is an ABI change affecting all versions of libapreq2 prior to 2.0.12.

  • Perl API [joes] $upload->info returns a proper APR::Table object now. Also implemented $upload->size, $upload->fh, and $upload->type.
  • C API [Jean-Franšois Meesse] mfd parser fails to parse CRLF-terminated files when the terminating boundary string is at the start of a new bucket. This is reportedly a common event for PDF files uploaded with Netscape 7.
  • Perl API [joes] Add back-compat support for Apache::Cookie->fetch() via Apache->request.
  • C API [joes] Add MaxBody, MaxBrigade, and TempDir per-dir directives to mod_apreq filter.
  • C API [joes] Replace free/tempnam dependency in apreq_file_mktemp() with apr_temp_dir_get(). Add additional gcc warning flags when –enable-maintainer-mode is set.
  • C API [joes, Scott Hutton] Replace apreq_brigade_copy with more effective APREQ_BRIGADE_COPY macro. Also introduce APREQ_BRIGADE_SETASIDE to deal with buckets that need to be set aside for use in future function calls. mod_ssl generates transient buckets which tickled this bug.
  • Perl API [joes] Separate Apache::Upload module from Apache::Request for better organization.

Changes with libapreq2-2.03-dev (released June 12, 2004)

  • C API [joes] "Objectify" cookie/jar API: s/apreq_(make|serialize)_cookie/apreq_cookie_$1/ and reordering args so the cookie/jar object is always the first argument. Macros added to provide source-compatibility with the old names.
  • Perl API [joes] Added $upload->slurp($data), which reads the contents of the file upload "$upload" into the scalar "$data".
  • C API [joes, randyk] apreq_run_(hook|parser) are macros, so they are capitalized now. Fixed apreq_params_as_string() and added apreq_params_as_array(). Reworked definitions of APREQ_DECLARE_HOOK, APREQ_DECLARE_PARSER and apreq_(parser|hook)_t, hopefully to be more Win32 friendly. Also updated the documentation.
  • C API [joes] Compensate for a missing CRLF in empty file upload block, which actually complies with RFC 2046 subsubsection 5.1.1. Konqueror (version unknown) and Mozilla 0.9.7 are known to emit such blocks.
  • Perl API [joes] $req->upload() in list context failed to filter out non-uploads. Also $req->upload("nonexistent-key-name") segfaults.
  • Perl test suite t/TEST.PL must run parent class' pre_configure to get the configuration right
  • C API [joes] apreq_brigade_concat() wasn't supplying the final EOS bucket to large brigades (>256K), which somtimes caused the prefetch loop in mod_apreq.c's apreq_filter() to hang.
  • Documentation [joes] CHANGES file reformatted, removing dates & other clutter as Stas suggests.
  • C API [joes] Rewrote cgi_read() in apreq_env.c and reworked mod_apreq.c to enforce apreq_env_max_body() settings.
  • C API [joes] Fixed bug in url_parser code- missing context brigade was needed to track key-value pairs which span multiple buckets.
  • C API [joes] API modifications: removed struct apreq_cfg_t, adding new apreq_env hooks max_body, max_brigade_len, and temp_dir. Folded apreq_parsers.h into apreq_params.h and modified the arguments to apreq_run_parser() and apreq_run_hook(). Renamed apreq_parser_t's content_type as enctype and apreq_copy_brigade() as apreq_brigade_copy(). These changes make libapreq2.so.2.0.5 incompatible with earlier versions.
  • Perl API [stas] Include ppport.h from blead-perl to support older perls. Add a proper support for ithreads.
  • C API [Swen Schillig, joes] Fixed bug in calculation of Netscape cookie expiration dates. apr_time_t is measured in microseconds, not seconds, which threw off the arithmetic; apr_time_from_sec was needed for the conversion.
  • C API [Max Kellermann] Fix segfault caused by invalid %-escape sequence in query string.

Changes with libapreq2-2.02-dev (released Nov 15, 2003)

  • Perl API [joes] Fix bogus pool/cookie initializers in Apache::Cookie::set_attr(), which caused Apache::Cookie::new to segfault. Bug first reported to modperl list by Wolfgang Kubens.

Changes with libapreq2-2.01-dev (released Nov 10, 2003)

  • build system [joes] Skip Apache::Test tests in env/ when Apache::Test is unavailable. This allows the C API to be build and installed without requiring Apache::Test (it is still a requirement for compiling the perl glue).
  • C API mod_apreq.c [joes] Parser errors were creeping into the return value of apreq_filter, which breaks the "transparent tee" paradigm. This caused bogus "400 Bad Request" responses (first reported by Vladimir Dudo) to occur when libapreq2 was used by an output filter during a GET request (handled by apache2's default handler). The test suite has been updated accordingly.
  • C API [joes] Incorporate libapreq_cgi into libapreq2 as the default environment, and add apreq_env_t and initializer apreq_env_module() to manage the environment at runtime (determining the environment at load-time was problematic on non-ELF systems).

Changes with libapreq2-2.00-dev (Oct 25, 2003)

  • C API: libapreq_cgi.c [randyk, joes] CGI environment defined by env/libapreq_cgi.c is functional (with tests added to env/t). This library may soon be incorporated directly into libapreq2 as a default enviroment.
  • C API: mod_apreq.c [joes] Added ctx->saw_eos to ensure we don't read from upstream filters after receiving an eos bucket. Otherwise it was possible for two eos buckets to appear when a prefetch read is involved, which breaks other modules like mod_proxy. This bug was uncovered by Philippe Chiasson. mod_apreq's apreq_env_majic_number bumped to reflect the added fixes.
  • configure: –enable-perl-glue [joes] The –enable-perl-glue option integrates the perl glue into the normal Unix build cycle. It is disabled by default, but is silently reenabled if the user configures the source tree via Makefile.PL.
  • C API [joes] Added apreq_header_attribute() and fixed mfd parser to allow "charset" attribute to appear in the Content-Type header. Sven Geisler points out that Opera 7.20 does generate such headers.
  • C API [joes] Added versioning API following http://apr.apache.org/versioning.html apreq_env renamed apreq_env_name, and apreq_env_magic_number added to provide versioning for environments (modules). The header files are now installed to "include/apreq2", and the library is renamed "libapreq2". Also added an apreq2-config script based on apu-config.
  • configure: static mod_apreq.c [Bojan Smojver, joes] Add –with-apache2-src configure option, along with –with-apr-config and –with-apu-config, and provide support for compiling mod_apreq into httpd as a static apache module.
  • C API: mod_apreq.c [joes] Support for internal redirects added to the mod_apreq filter. This ensures any POST data prefetched in the main request gets passed along to the subrequest handler(s).
  • C bugfix: apreq_decode [Graham Clark] If the source and destination strings are represented by the same pointer - e.g. if called as apreq_unescape(s) - string s is modified incorrectly in general. Patch includes new unit test.
  • Perl API [joes] Added $req->parse, $req->status, & "preparse" logic to $req->param & $req->upload.
  • C API [joes] Added "preparse" logic to apreq_params & apreq_uploads to bring behavior in line with libapreq-1.x.
  • C API [joes] Dropped param->charset. Make apreq_brigade_concat public, so mod_apreq can use it for its ctx->spool brigade.
  • Documentation [joes] Updated Cookie_pod to reflect API changes over v1.X.
  • Documentation [joes] Added doxygen links to Apache::Request and Apache::Cookie perl docs.
  • C API [joes] Added apreq_copy_brigade(bb) to apreq.h.
  • C API [joes] The new filter-based design required a complete departure from libapreq-1.X codebase. libapreq-2 is based solely on APR, and to be fully functional, requires a supporting environment similar to Apache-2. A person wishing to port libapreq-2 to a new environment needs to provide definitions for the declarations in apreq_env.h.
  • Perl API [joes] Aggregates are always collected into an APR::Table-based package. New table packages: Apache::Cookie::Table, Apache::Request::Table, and Apache::Upload::Table.
  • Perl API [joes] Apache::Cookie->fetch now requires an "environment" argument ($r). Its return value is blessed into the Apache::Cookie::Jar class.
  • Perl API [joes] Two new request lookup functions:
    1. $req->args - param lookup using only the query string
    2. $req->body - param lookup using only the POST data