Fixed decoding \9 with t:escapeSeqDecode. See #423.

CHANGES

@@ -1,6 +1,8 @@
-12 Dec 2007 - 2.5.0-rc1
+13 Dec 2007 - 2.5.0-rc1
 -----------------------
 
+ * Fixed t:escapeSeqDecode to better follow ANSI C escapes.
+
  * Added t:jsDecode to decode JavScript escape sequences.
 
  * Added IS_NEW and IS_EXPIRED built-in collection variables.

apache2/msc_util.c

@@ -1054,7 +1054,7 @@ int ansi_c_sequences_decode_inplace(unsigned char *input, int input_len) {
                     }
                 }
                 else
-                if (isdigit(input[i + 1])) { /* Octal. */
+                if (ISODIGIT(input[i + 1])) { /* Octal. */
                     char buf[10];
                     int j = 0, l = 3;
 

doc/modsecurity2-apache-reference.xml

@@ -3,7 +3,7 @@
   <title>ModSecurity Reference Manual</title>
 
   <articleinfo>
-    <releaseinfo>Version 2.5.0-rc1/ (December 12, 2007)</releaseinfo>
+    <releaseinfo>Version 2.5.0-rc1/ (December 13, 2007)</releaseinfo>
 
     <copyright>
       <year>2004-2007</year>
@@ -5165,4 +5165,4 @@ SecRule REQUEST_METHOD "!<emphasis>@within %{tx.allowed_methods}</emphasis>" t:l
       </section>
     </section>
   </section>
-</article>
+</article>