Update version/date in docs.

CHANGES

@@ -1,3 +1,8 @@
+17 Oct 2007 - 2.1.4-rc2
+-----------------------
+
+ * Do not process subrequests in phase 2-4, but do hand off the request data.
+
 
 15 Oct 2007 - 2.1.4-rc1
 -----------------------

apache2/apache2_io.c

@@ -40,6 +40,11 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
 
     msr->r = f->r;
 
+    if (msr->phase < PHASE_REQUEST_BODY) {
+            msr_log(msr, 1, "Internal error: REQUEST_BODY phase incomplete for input filter in phase %d", msr->phase);
+            return APR_EGENERAL;
+    }
+
     if ((msr->if_status == IF_STATUS_COMPLETE)||(msr->if_status == IF_STATUS_NONE)) {
         if (msr->txcfg->debuglog_level >= 4) {
             msr_log(msr, 4, "Input filter: Input forwarding already complete, skipping (f %x, r %x).", f, f->r);

apache2/mod_security2.c

@@ -860,17 +860,27 @@ static int hook_log_transaction(request_rec *r) {
 static void hook_insert_filter(request_rec *r) {
     modsec_rec *msr = NULL;
 
-    /* This function needs to run only once per transaction
+    /* Find the transaction context first. */
+    msr = retrieve_tx_context(r);
+    if (msr == NULL) return;
+
+    /* Add the input filter, but only if we need it to run. */
+    if (msr->if_status == IF_STATUS_WANTS_TO_RUN) {
+        if (msr->txcfg->debuglog_level >= 4) {
+            msr_log(msr, 4, "Hook insert_filter: Adding input forwarding filter %s(r %x).", (((r->main != NULL)||(r->prev != NULL)) ? "for subrequest " : ""), r);
+        }
+
+        ap_add_input_filter("MODSECURITY_IN", msr, r, r->connection);
+    }
+
+
+    /* The output filters only need to be added only once per transaction
      * (i.e. subrequests and redirects are excluded).
      */
     if ((r->main != NULL)||(r->prev != NULL)) {
         return;
     }
 
-    /* Find the transaction context first. */
-    msr = retrieve_tx_context(r);
-    if (msr == NULL) return;
-
     /* Only proceed to add the filter if the engine is enabled. */
     if (msr->txcfg->is_enabled == 0) {
         if (msr->txcfg->debuglog_level >= 4) {
@@ -880,15 +890,6 @@ static void hook_insert_filter(request_rec *r) {
         return;
     }
 
-    /* Add the input filter, but only if we need it to run. */
-    if (msr->if_status == IF_STATUS_WANTS_TO_RUN) {
-        if (msr->txcfg->debuglog_level >= 4) {
-            msr_log(msr, 4, "Hook insert_filter: Adding input forwarding filter (r %x).", r);
-        }
-
-        ap_add_input_filter("MODSECURITY_IN", msr, r, r->connection);
-    }
-
     /* We always add the output filter because that's where we need to
      * initiate our 3rd and 4th processing phases from. The filter is
      * smart enough not to buffer the data if it is not supposed to.

apache2/modsecurity.h

@@ -48,7 +48,7 @@ typedef struct msc_string msc_string;
 #include "http_protocol.h"
 
 #define MODULE_NAME "ModSecurity"
-#define MODULE_RELEASE "2.1.4-rc1"
+#define MODULE_RELEASE "2.1.4-rc2"
 #define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)")
 
 #define PHASE_REQUEST_HEADERS       1

doc/modsecurity2-apache-reference.xml

@@ -3,7 +3,7 @@
   <title>ModSecurity Reference Manual</title>
 
   <articleinfo>
-    <releaseinfo>Version 2.1.4-rc1 / (October 15, 2007)</releaseinfo>
+    <releaseinfo>Version 2.1.4-rc2 / (October 17, 2007)</releaseinfo>
 
     <copyright>
       <year>2004-2007</year>