-
| |
-
-  |
-
| - |
@@ -97,7 +87,7 @@
|
| <%= $key %>: | -<%= $args{$key} %> | +<%= $args{$key} %> |
\n ", - map { "$_= ".$Server->HTMLEncode(substr($Env->{$_}, 0, 100)) } - sort grep(/^HTTP_/, keys %$Env) - ); -my $query_out = join("
\n ", - map { "$_= ".$Server->HTMLEncode(substr($Query->{$_}, 0, 100)) } - sort keys %$Query - ); -my $form_out = join("
\n ", - map { "$_= ".$Server->HTMLEncode(substr($Form->{$_}, 0, 100)) } - sort keys %$Form - ); +my $http_out = join("\n", + map { "$_= ".$Server->HTMLEncodeByValue($Env->{$_}) } + sort keys %$Env + ); +$http_out =~ s/([^\n]{50,70})(.)/$1\n$2/gi; + +my $query_out = join("\n", + map { "$_= ".$Server->HTMLEncodeByValue($Query->{$_}) } + sort keys %$Query + ); +$query_out =~ s/([^\n]{50,70})(.)/$1\n$2/gi; + +my $form_out = join("\n", + map { "$_= ".$Server->HTMLEncodeByValue($Form->{$_}) } + sort keys %$Form + ); +$form_out =~ s/([^\n]{50,70})(.)/$1\n$2/gi; my %client_data = ( GLOBAL => $Server->Config('Global') || '.', FILE => $Server->File, @@ -26,6 +33,7 @@ HTTP_HEADERS => $http_out || '', QUERY => $query_out || '', FORM => $form_out || '', + RAW => $Raw || '', ); $Response->Include('Share::CORE/MailErrorsHTML.inc', %args, %client_data); diff -Nru libapache-asp-perl-2.62/lib/Apache/ASP/StateManager.pm libapache-asp-perl-2.63/lib/Apache/ASP/StateManager.pm --- libapache-asp-perl-2.62/lib/Apache/ASP/StateManager.pm 2011-08-15 16:25:30.000000000 +0000 +++ libapache-asp-perl-2.63/lib/Apache/ASP/StateManager.pm 2014-05-22 15:59:29.000000000 +0000 @@ -82,7 +82,11 @@ $self->{cookie_path} = &config($self, 'CookiePath', undef, '/'); $self->{cookie_domain} = &config($self, 'CookieDomain'); $self->{paranoid_session} = &config($self, 'ParanoidSession'); - $self->{remote_ip} = $r->connection()->remote_ip(); + + $self->{remote_ip} = eval { $r->connection()->remote_ip() }; # may not exist in Apache 2.4 + $self->{remote_ip} ||= eval { $r->useragent_ip() }; # should exist in Apache 2.4, best for end user agent IP address + $self->{remote_ip} ||= eval { $r->connection()->client_ip() }; # if useragent_ip not defined for Apache 2.4, try this one + $self->{session_count} = &config($self, 'SessionCount'); # cookieless session support, cascading values @@ -94,6 +98,7 @@ $self->{session_serialize} = &config($self, 'SessionSerialize'); $self->{secure_session} = &config($self, 'SecureSession'); + $self->{http_only_session} = &config($self, 'HTTPOnlySession'); # session timeout in seconds since that is what we work with internally $self->{session_timeout} = &config($self, 'SessionTimeout', undef, $SessionTimeout) * 60; $self->{'ua'} = $self->{headers_in}->get('User-Agent') || 'UNKNOWN UA'; @@ -440,8 +445,9 @@ unless($self->{session_url_force}) { # don't set the cookie when we are just using SessionQuery* configs my $secure = $self->{secure_session} ? '; secure' : ''; + my $httponly = $self->{http_only_session} ? '; HttpOnly' : ''; my $domain = $self->{cookie_domain} ? '; domain='.$self->{cookie_domain} : ''; - $self->{r}->err_headers_out->add('Set-Cookie', "$SessionCookieName=$id; path=$self->{cookie_path}".$domain.$secure); + $self->{r}->err_headers_out->add('Set-Cookie', "$SessionCookieName=$id; path=$self->{cookie_path}".$domain.$secure.$httponly); } $self->{session_id} = $id; } else { diff -Nru libapache-asp-perl-2.62/lib/Bundle/Apache/ASP/Extra.pm libapache-asp-perl-2.63/lib/Bundle/Apache/ASP/Extra.pm --- libapache-asp-perl-2.62/lib/Bundle/Apache/ASP/Extra.pm 2011-08-15 16:25:30.000000000 +0000 +++ libapache-asp-perl-2.63/lib/Bundle/Apache/ASP/Extra.pm 2014-05-20 21:55:21.000000000 +0000 @@ -1,6 +1,6 @@ package Bundle::Apache::ASP::Extra; -$VERSION = '1.02'; +$VERSION = '1.03'; 1; @@ -36,16 +36,8 @@ HTML::FillInForm - FormFill functionality which autofills HTML forms from form data -Apache::Filter - Required for SSI filtering with Apache::SSI - HTML::SimpleParse - Required for SSI filtering with Apache::SSI -Apache::SSI - Required for full server side includes support ( SSI ) beyond file includes - -Tie::TextDir - Fast file based cache for CacheDB, good for caching large values for things like XSLT and $Response->Include() caching - -Bundle::XML - Required for XML::XSLT support. - XML::XSLT - Required for XSLT support. May also use XML::Sablotron and XML::LibXSLT for this, which are not part of this bundle. =head1 DESCRIPTION diff -Nru libapache-asp-perl-2.62/LICENSE libapache-asp-perl-2.63/LICENSE --- libapache-asp-perl-2.62/LICENSE 2011-08-15 16:25:30.000000000 +0000 +++ libapache-asp-perl-2.63/LICENSE 1970-01-01 00:00:00.000000000 +0000 @@ -1,340 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - -
Counter: $counter"); - - - The value for $counter++ will remain between requests. Generally use of - globals in this way is a BAD IDEA, and you can spare yourself many headaches - if do "use strict" perl programming which forces you to explicity declare - globals like: + Unless scoped by my() or local(), perl variables in mod_perl are treated + as globals, and values set may persist from one request to another. This + can be seen in as simple a script as this: - use vars qw($counter); + + $counter++; + $Response->Write("
Counter: $counter"); + - You can make all your Apache::ASP scripts strict by default by setting: + The value for $counter++ will remain between requests. Generally use of + globals in this way is a BAD IDEA, and you can spare yourself many + headaches if do "use strict" perl programming which forces you to + explicity declare globals like: - PerlSetVar UseStrict 1 + use vars qw($counter); + + You can make all your Apache::ASP scripts strict by default by setting: + + PerlSetVar UseStrict 1 Apache errors on the PerlHandler or PerlModule directives ? - You get an error message like this: + You get an error message like this: - Invalid command 'PerlModule', perhaps mis-spelled or defined by a - module not included in the server configuration. + Invalid command 'PerlModule', perhaps mis-spelled or defined by a + module not included in the server configuration. - You do not have mod_perl correctly installed for Apache. The PerlHandler and - PerlModule directives in Apache *.conf files are extensions enabled by - mod_perl and will not work if mod_perl is not correctly installed. - - Common user errors are not doing a 'make install' for mod_perl, which - installs the perl side of mod_perl, and not starting the right httpd after - building it. The latter often occurs when you have an old apache server - without mod_perl, and you have built a new one without copying over to its - proper location. + You do not have mod_perl correctly installed for Apache. The PerlHandler + and PerlModule directives in Apache *.conf files are extensions enabled + by mod_perl and will not work if mod_perl is not correctly installed. + + Common user errors are not doing a 'make install' for mod_perl, which + installs the perl side of mod_perl, and not starting the right httpd + after building it. The latter often occurs when you have an old apache + server without mod_perl, and you have built a new one without copying + over to its proper location. - To get mod_perl, go to http://perl.apache.org + To get mod_perl, go to http://perl.apache.org Error: no request object (Apache=SCALAR(0x???????):) - Your Apache + mod_perl build is not working properly, and is likely a RedHat - Linux RPM DSO build. Make sure you statically build your Apache + mod_perl - httpd, recompiled fresh from the sources. + Your Apache + mod_perl build is not working properly, and is likely a + RedHat Linux RPM DSO build. Make sure you statically build your Apache + + mod_perl httpd, recompiled fresh from the sources. I am getting a tie or MLDBM / state error message, what do I do? - Make sure the web server or you have write access to the eg directory, or to - the directory specified as Global in the config you are using. Default for - Global is the directory the script is in (e.g. '.'), but should be set to - some directory not under the www server document root, for security reasons, - on a production site. + Make sure the web server or you have write access to the eg directory, + or to the directory specified as Global in the config you are using. + Default for Global is the directory the script is in (e.g. '.'), but + should be set to some directory not under the www server document root, + for security reasons, on a production site. - Usually a + Usually a - chmod -R -0777 eg + chmod -R -0777 eg - will take care of the write access issue for initial testing purposes. + will take care of the write access issue for initial testing purposes. - Failing write access being the problem, try upgrading your version of - Data::Dumper and MLDBM, which are the modules used to write the state files. + Failing write access being the problem, try upgrading your version of + Data::Dumper and MLDBM, which are the modules used to write the state + files. Sessions How can I use $Session to store complex data structures. - Very carefully. Please read the $Session documentation in the OBJECTS - section. You can store very complex objects in $Session, but you have to - understand the limits, and the syntax that must be used to make this happen. + Very carefully. Please read the $Session documentation in the OBJECTS + section. You can store very complex objects in $Session, but you have to + understand the limits, and the syntax that must be used to make this + happen. - In particular, stay away from statements that that have more than one level - of indirection on the left side of an assignment like: + In particular, stay away from statements that that have more than one + level of indirection on the left side of an assignment like: - $Session->{complex}{object} = $data; + BAD: $Session->{complex}{object} = $data; How can I keep search engine spiders from killing the session manager? - If you want to disallow session creation for certain non web browser user - agents, like search engine spiders, you can use a mod_perl PerlInitHandler - like this to set configuration variables at runtime: + If you want to disallow session creation for certain non web browser + user agents, like search engine spiders, you can use a mod_perl + PerlInitHandler like this to set configuration variables at runtime: - # put the following code into httpd.conf and stop/start apache server - PerlInitHandler My::InitHandler + # put the following code into httpd.conf and stop/start apache server + PerlInitHandler My::InitHandler -