Skip to content

Fix error: use of undeclared identifier 'free'#58

Merged
etr merged 1 commit into
etr:masterfrom
guoxiao:free
Jan 7, 2015
Merged

Fix error: use of undeclared identifier 'free'#58
etr merged 1 commit into
etr:masterfrom
guoxiao:free

Conversation

@guoxiao

@guoxiao guoxiao commented Jan 3, 2015

Copy link
Copy Markdown
Contributor

No description provided.

@coveralls

Copy link
Copy Markdown

Coverage Status

Coverage remained the same when pulling b6e7cbd on guoxiao:free into e68290b on etr:master.

@etr

etr commented Jan 7, 2015

Copy link
Copy Markdown
Owner

Looks positive

etr added a commit that referenced this pull request Jan 7, 2015
Fix error: use of undeclared identifier 'free'
@etr etr merged commit 3856cda into etr:master Jan 7, 2015
etr added a commit that referenced this pull request May 28, 2026
…files

Sweeper agents verified each unchecked finding against the current code on
feature/v2.0 and added a *Status:* line (Resolved / False positive / deferred)
where one was missing.

Coverage:
- 22 review files swept (task-007/008/010/011/012/013/019/020/022/023/028/
  029/030/036/040/042/047/049 plus three already fully dispositioned)
- ~330 items dispositioned this pass
- 0 remaining unchecked items without a *Status:* / *Fixed:* / *Deferred:*
  marker across the whole specs/unworked_review_issues/ directory

Notable verified-fixed clusters: TASK-011/012/013 closed most of TASK-010's
http_response findings; TASK-046/048/049 closed most of TASK-047's hook-bus
findings; TASK-027 cache + ban-system work closed most of TASK-019/020/030.

Notable deferrals worth a follow-up pass (queued for Pass 2):
- task-019 #22: A09 password plaintext in http_request operator<<
- task-010 #23/#24: input-validation gaps in http_response file/pipe factories
- task-036 #37: v2 3-tier route table (TASK-027) built but never wired
  into dispatch hot path
- task-036 #38: auth_handler_ptr migration to optional<http_response>
- task-040 #58#61: hardcoded creds + reflected XSS + path traversal in
  example code (users will copy these)
- task-047 #3/#4/#5: hook_handle::remove() switch refactor + fire_hooks
  unification + curl helper extraction

No code changes in this commit — only review-file dispositions.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
etr added a commit that referenced this pull request May 28, 2026
Implements the highest-signal deferred findings surfaced by Pass 1:

examples/ — security fixes copied by users (CWE-798, CWE-79, CWE-22):
- basic_authentication.cpp: read BASIC_USER/BASIC_PASS from env; bail
  if unset; capture into the lambda. Removes hardcoded "myuser"/"mypass".
- digest_authentication.cpp: read DIGEST_PASS from env; bail if unset.
- file_upload.cpp: add html_escape() helper and escape every
  user-controlled field (key, filename, fs path, content-type, transfer
  encoding) before writing into the HTML table.
- file_upload_with_callback.cpp: html_escape() the filename in the HTML
  body and add is_safe_filename() guard (rejects empty/./../slash/
  backslash/NUL) before joining with permanent_dir.

test/REGRESSION.md §4 — prose drift:
- The pinned overlap test now asserts `*hp == first` (deterministic
  first-wins) but the prose still said "could be either one". Updated
  to match the actual assertion and remove the v1-era hedge.

Closes task-040 #58 #59 #60 #61 and task-028 #9 #25 in the unworked
review issues tracker.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants