Fixed decoding \9 with t:escapeSeqDecode. See #423.

2025-08-13 21:36:00 +03:00 · 2007-12-14 00:30:25 +00:00 · 2007-12-14 00:30:25 +00:00 · aa68fff104
commit aa68fff104
parent 8aa31fd099
3 changed files with 6 additions and 4 deletions
--- a/4
+++ b/4
@ -1,6 +1,8 @@
-12 Dec 2007 - 2.5.0-rc1
+13 Dec 2007 - 2.5.0-rc1
 -----------------------

+ * Fixed t:escapeSeqDecode to better follow ANSI C escapes.
+
 * Added t:jsDecode to decode JavScript escape sequences.

 * Added IS_NEW and IS_EXPIRED built-in collection variables.
--- a/apache2/msc_util.c
+++ b/apache2/msc_util.c
@ -1054,7 +1054,7 @@ int ansi_c_sequences_decode_inplace(unsigned char *input, int input_len) {
                    }
                }
                else
-                if (isdigit(input[i + 1])) { /* Octal. */
+                if (ISODIGIT(input[i + 1])) { /* Octal. */
                    char buf[10];
                    int j = 0, l = 3;

--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@ -3,7 +3,7 @@
  <title>ModSecurity Reference Manual</title>

  <articleinfo>
-    <releaseinfo>Version 2.5.0-rc1/ (December 12, 2007)</releaseinfo>
+    <releaseinfo>Version 2.5.0-rc1/ (December 13, 2007)</releaseinfo>

    <copyright>
      <year>2004-2007</year>
@ -5165,4 +5165,4 @@ SecRule REQUEST_METHOD "!<emphasis>@within %{tx.allowed_methods}</emphasis>" t:l
      </section>
    </section>
  </section>
-</article>
+</article>