Apache HTTP Server Request Library 2.04-dev Released
The Apache Software Foundation and The Apache HTTP Server Project
are pleased to announce the 2.04-dev release of libapreq2. This
Announcement notes significant changes introduced by this release.
The package libapreq2-2.04_03-dev.tar.gz is released under the Apache License
version 2.0. It is now available through the ASF mirrors
http://httpd.apache.org/apreq/download.cgi
http://httpd.apache.org/apreq/download.cgi
and has entered the CPAN as
file: $CPAN/authors/id/J/JO/JOESUF/libapreq2-2.04_03-dev.tar.gz
size: 592748 bytes
md5: 1f5dd762c877b716f3774d502f575196
libapreq2 is an APR-based shared library used for parsing HTTP cookies,
query-strings and POST data. The package libapreq2-2.04_03-dev.tar.gz provides
1) version 2.0.20 of the libapreq2 library,
2) mod_apreq, a filter module necessary for using libapreq2
within the Apache HTTP Server,
3) the Apache::Request, Apache::Cookie, and Apache::Upload
perl modules for using libapreq2 with modperl-2.
========================================================================
Changes with libapreq2-2.04-dev (released August 30, 2004)
- Perl API [joes]
Add TAINT checks, marking all parsed data as tainted.
- C API [joes]
Add body_status attribute to apreq_request_t, to allow the both
environment and the parser to report any errors encountered.
- C API [randyk, joes]
Cookie parser was locking up on non-alphanumeric chars in cookie names.
Also RFC Cookie attributes are always checked for quotes during bake(2),
and the quotes are now stripped from incoming RFC cookies during parsing
(but they are never stripped from the actual cookie value).
- Perl API [joes]
Apache::Cookie::Jar->new accepts a VALUE_CLASS argument, which effectively
blesses all the jar's cookies into that class, which simplifies subclassing
Apache::Cookie. Accordingly Apache::Cookie->freeze($value) no longer accepts
a freeze()-able object in $value.
- C API [Markus Wichitill, randyk, joes]
Drop APR_DELONCLOSE from apreq_file_mktemp implementation and install
apreq_file_cleanup. When passed to apr_file_open on Win32, APR_DELONCLOSE
sets the FILE_SHARED_DELETE flag, which is, unfortunately, a property that
is preserved across NTFS "hard" links. This breaks apps that link()
the temp file to a permanent location, and subsequently expect to open it
without FILE_SHARED_DELETE before the original tempfile is closed+deleted.
In fact, even Apache::Upload does this, so it is a common enough event that
the apreq_file_cleanup workaround is necessary.
- C API [Ken Burcham, joes]
Fix bug in url parser that occurs when a %XX-encoded sequence
is split across multiple buckets. Added apreq_decode_decodev
to make this problem less inconvenient.
- Perl API [joes]
Exception objects inherit from the object which raised it,
which allows $@ to invoke its methods with impunity (exceptions
are disabled for objects which derive from an exception class).
- Perl API [joes]
Implement HOOK_DATA and UPLOAD_HOOK.
- Perl API [joes]
Add safe XS wrappers for $table->add, $table->set, $table->STORE,
and $table_class->new.
- Perl API [joes]
Add exceptions to $upload->link, $upload->tempname, $upload->slurp,
and $cookie->set_attr. Return value of $upload->slurp is now the
upload length. Also document new $upload->io.
- C API [joes]
Restrict all apr_status_t codes to APR_SUCCESS, APR_INCOMPLETE,
APR_EGENERAL, APR_EINIT, APR_ENOTIMPL, since any others will
generate confusing error messages from apr_strerror.
- Perl API [joes]
Added $upload->io with a TIEHANDLE API layered over APR::Brigade. $upload->fh
remains implemented as an APR::PerlIO object, which is seekable but less efficient
and currently suffers some portability issues associated with largefile support
in perl and apr.
- Perl API [joes]
Added apreq_xs_croak for throwing APR::Error exceptions and included
error-checking on $req->param, $req->args, $req->body, $req->upload,
and $jar->get.
- Perl API [joes]
Added $jar->status, $req->args_status and $req->body_status to report
parsing errors. Also add $upload->tempname per user request.
- C API [joes]
Dropped status attribute of apreq_value_t. Added status field to
apreq_jar_t and added args_status field to apreq_request_t. Parsers
also must return their public status code when a NULL brigade is passed.
apreq_hook_disable_uploads() is also added.
.
This is an ABI change affecting all versions of libapreq2 prior to 2.0.12.
- Perl API [joes]
$upload->info returns a proper APR::Table object now. Also implemented
$upload->size, $upload->fh, and $upload->type.
- C API [Jean-François Meesse]
mfd parser fails to parse CRLF-terminated files when the terminating
boundary string is at the start of a new bucket. This is reportedly
a common event for PDF files uploaded with Netscape 7.
- Perl API [joes]
Add back-compat support for Apache::Cookie->fetch() via
Apache->request.
- C API [joes]
Add MaxBody, MaxBrigade, and TempDir per-dir directives to mod_apreq
filter.
- C API [joes]
Replace free/tempnam dependency in apreq_file_mktemp() with
apr_temp_dir_get(). Add additional gcc warning flags when
--enable-maintainer-mode is set.
- C API [joes, Scott Hutton]
Replace apreq_brigade_copy with more effective APREQ_BRIGADE_COPY
macro. Also introduce APREQ_BRIGADE_SETASIDE to deal with buckets
that need to be set aside for use in future function calls. mod_ssl
generates transient buckets which tickled this bug.
- Perl API [joes]
Separate Apache::Upload module from Apache::Request for
better organization.
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@perl.apache.org
For additional commands, e-mail: announce-help@perl.apache.org
The Apache Software Foundation and The Apache HTTP Server Project
are pleased to announce the 2.04-dev release of libapreq2. This
Announcement notes significant changes introduced by this release.
The package libapreq2-2.04_03-dev.tar.gz is released under the Apache License
version 2.0. It is now available through the ASF mirrors
http://httpd.apache.org/apreq/download.cgi
http://httpd.apache.org/apreq/download.cgi
and has entered the CPAN as
file: $CPAN/authors/id/J/JO/JOESUF/libapreq2-2.04_03-dev.tar.gz
size: 592748 bytes
md5: 1f5dd762c877b716f3774d502f575196
libapreq2 is an APR-based shared library used for parsing HTTP cookies,
query-strings and POST data. The package libapreq2-2.04_03-dev.tar.gz provides
1) version 2.0.20 of the libapreq2 library,
2) mod_apreq, a filter module necessary for using libapreq2
within the Apache HTTP Server,
3) the Apache::Request, Apache::Cookie, and Apache::Upload
perl modules for using libapreq2 with modperl-2.
========================================================================
Changes with libapreq2-2.04-dev (released August 30, 2004)
- Perl API [joes]
Add TAINT checks, marking all parsed data as tainted.
- C API [joes]
Add body_status attribute to apreq_request_t, to allow the both
environment and the parser to report any errors encountered.
- C API [randyk, joes]
Cookie parser was locking up on non-alphanumeric chars in cookie names.
Also RFC Cookie attributes are always checked for quotes during bake(2),
and the quotes are now stripped from incoming RFC cookies during parsing
(but they are never stripped from the actual cookie value).
- Perl API [joes]
Apache::Cookie::Jar->new accepts a VALUE_CLASS argument, which effectively
blesses all the jar's cookies into that class, which simplifies subclassing
Apache::Cookie. Accordingly Apache::Cookie->freeze($value) no longer accepts
a freeze()-able object in $value.
- C API [Markus Wichitill, randyk, joes]
Drop APR_DELONCLOSE from apreq_file_mktemp implementation and install
apreq_file_cleanup. When passed to apr_file_open on Win32, APR_DELONCLOSE
sets the FILE_SHARED_DELETE flag, which is, unfortunately, a property that
is preserved across NTFS "hard" links. This breaks apps that link()
the temp file to a permanent location, and subsequently expect to open it
without FILE_SHARED_DELETE before the original tempfile is closed+deleted.
In fact, even Apache::Upload does this, so it is a common enough event that
the apreq_file_cleanup workaround is necessary.
- C API [Ken Burcham, joes]
Fix bug in url parser that occurs when a %XX-encoded sequence
is split across multiple buckets. Added apreq_decode_decodev
to make this problem less inconvenient.
- Perl API [joes]
Exception objects inherit from the object which raised it,
which allows $@ to invoke its methods with impunity (exceptions
are disabled for objects which derive from an exception class).
- Perl API [joes]
Implement HOOK_DATA and UPLOAD_HOOK.
- Perl API [joes]
Add safe XS wrappers for $table->add, $table->set, $table->STORE,
and $table_class->new.
- Perl API [joes]
Add exceptions to $upload->link, $upload->tempname, $upload->slurp,
and $cookie->set_attr. Return value of $upload->slurp is now the
upload length. Also document new $upload->io.
- C API [joes]
Restrict all apr_status_t codes to APR_SUCCESS, APR_INCOMPLETE,
APR_EGENERAL, APR_EINIT, APR_ENOTIMPL, since any others will
generate confusing error messages from apr_strerror.
- Perl API [joes]
Added $upload->io with a TIEHANDLE API layered over APR::Brigade. $upload->fh
remains implemented as an APR::PerlIO object, which is seekable but less efficient
and currently suffers some portability issues associated with largefile support
in perl and apr.
- Perl API [joes]
Added apreq_xs_croak for throwing APR::Error exceptions and included
error-checking on $req->param, $req->args, $req->body, $req->upload,
and $jar->get.
- Perl API [joes]
Added $jar->status, $req->args_status and $req->body_status to report
parsing errors. Also add $upload->tempname per user request.
- C API [joes]
Dropped status attribute of apreq_value_t. Added status field to
apreq_jar_t and added args_status field to apreq_request_t. Parsers
also must return their public status code when a NULL brigade is passed.
apreq_hook_disable_uploads() is also added.
.
This is an ABI change affecting all versions of libapreq2 prior to 2.0.12.
- Perl API [joes]
$upload->info returns a proper APR::Table object now. Also implemented
$upload->size, $upload->fh, and $upload->type.
- C API [Jean-François Meesse]
mfd parser fails to parse CRLF-terminated files when the terminating
boundary string is at the start of a new bucket. This is reportedly
a common event for PDF files uploaded with Netscape 7.
- Perl API [joes]
Add back-compat support for Apache::Cookie->fetch() via
Apache->request.
- C API [joes]
Add MaxBody, MaxBrigade, and TempDir per-dir directives to mod_apreq
filter.
- C API [joes]
Replace free/tempnam dependency in apreq_file_mktemp() with
apr_temp_dir_get(). Add additional gcc warning flags when
--enable-maintainer-mode is set.
- C API [joes, Scott Hutton]
Replace apreq_brigade_copy with more effective APREQ_BRIGADE_COPY
macro. Also introduce APREQ_BRIGADE_SETASIDE to deal with buckets
that need to be set aside for use in future function calls. mod_ssl
generates transient buckets which tickled this bug.
- Perl API [joes]
Separate Apache::Upload module from Apache::Request for
better organization.
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@perl.apache.org
For additional commands, e-mail: announce-help@perl.apache.org