$MODULE=Apache::ASP; $VERSION = 2.29; $DATE="11/19/2001";
Please see README for changes for past versions.
+ = improvement; - = bug fix
+Added some extra help text to the ./cgi/asp --help message
to clarify how to pass arguments to a script from the command line.
+When using $Server->Mail() API, if Content-Type header is set,
and MIME-Version is not, then a "MIME-Version: 1.0" header will be sent
for the email. This is correct according to RFC 1521 which specifies
for the first time the Content-Type: header for email documents.
Thanks to Philip Mak for pointing out this correct behavior.
+Made dependent on MLDBM::Sync version .25 to pass the taint_check.t test
+Improved server_mail.t test to work with mail servers were relaying is denied
+Added <html><body> tags to MailErrorsTo email
--Fixed SessionCount / Session_OnEnd bug, where these things were not
working for $Sessions that never had anything written to them.
This bug was introduced in 2.23/2.25 release.
There was an optimization in 2.23/2.25 where a $Session that was never
used does not write its state lock file & dbm files to disk, only if
it gets written too like $Session->{MARK}++. Tracking of these NULL $Sessions
then is handled solely in the internal database. For $Session garbage
collection though which would fire Session_OnEnd events and update
SessionCount, the Apache::ASP::State->GroupMembers() function was just
looking for state files on disk ... now it looks in the internal database
too for SessionID records for garbage collection.
Added a test at ./t/session_events.t for these things.
+Some optimizations for $Session API use.
+Added support for XSLT via XML::LibXSLT, patch courtesy of Michael Buschauer
-Got rid of an warning when recompiling changing includes under perl 5.6.1...
undef($code) method did not work for this perl version, rather undef(&$code) does.
Stopped using using Apache::Symbol for this when available.
-Make Apache::ASP script run under perl taint checking -T for perl 5.6.1...
$code =~ tr///; does not work to untaint here, so much use the slower:
$code =~ /^(.*)$/s; $code = $1; method to untaint.
-Check for inline includes changing, included in a dynamic included
loaded at runtime via $Response->Include(). Added test case for
this at t/include_change.t. If an inline include of a dynamic include
changes, the dynamic include should get recompiled now.
-Make OK to use again with PerlTaintCheck On, with MLDBM::Sync 2.25.
Fixed in ASP.pm, t/global.asa, and created new t/taint_check.t test script
+Load more modules when Apache::ASP is loaded so parent will share more
with children httpd:
Apache::Symbol
Devel::Symdump
Config
lib
MLDBM::Sync::SDBM_File
+When FileUploadMax bytes is exceeded for a file upload, there will not
be an odd error anymore resulting from $CGI::POST_MAX being triggered,
instead the file upload input will simply be ignored via $CGI::DISABLE_UPLOADS.
This gives the developer the opportunity to tell the user the the file upload
was too big, as demonstrated by the ./site/eg/file_upload.asp example.
To not let the web client POST a lot of data to your scripts as a form
of a denial of service attack use the apache config LimitRequestBody for the
max limits. You can think of PerlSetVar FileUploadMax as a soft limit, and
apache's LimitRequestBody as a hard limit.
--Under certain circumstances with file upload, it seems that IsClientConnected()
would return an aborted client value from $r->connection->aborted, so
the buffer output data would not be flushed to the client, and
the HTML page would return to the browser empty. This would be under
normal file upload use. One work-around was to make sure to initialize
the $Request object before $Response->IsClientConnected is called,
then $r->connection->aborted returns the right value.
This problem was probably introduced with IsClientConnected() code changes
starting in the 2.25 release.