This module uses token based authentication to secure downloads and prevent deep-linking. Have your script or servlet generate a token to authenticate the download and let Apache handle the file transfer without having to pipe it through a script for security.
Standing to Apache's APR documentation at
https://apr.apache.org/docs/apr/0.9/group__apr__strings.html#g7bd80c95ffb7b3f96b
c78e7b5b5b0045
the apr_pstrcat() function takes a list of strings. The code in 1.0.6_beta
instead passes a character ('/'), beside missing a sentinel at the end of
parameters.
I'm attaching a patch to fix the issue.
Original issue reported on code.google.com by flameeyes on 31 Aug 2011 at 3:46
Original issue reported on code.google.com by
flameeyes
on 31 Aug 2011 at 3:46Attachments: