Index: /branches/rel_ag_9_4_5/DesktopDirect/bsdart/3rdPartyLibs/array_lighttpd_security.patch
===================================================================
--- /branches/rel_ag_9_4_5/DesktopDirect/bsdart/3rdPartyLibs/array_lighttpd_security.patch	(revision 20420)
+++ /branches/rel_ag_9_4_5/DesktopDirect/bsdart/3rdPartyLibs/array_lighttpd_security.patch	(working copy)
@@ -171,3 +171,22 @@
  		}
  #endif
  #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
+diff -rup ./src/response.c ../lighttpd-1.4.28/src/response.c
+--- ./src/response.c   2010-08-17 17:04:38.000000000 +0800
++++ ../lighttpd-1.4.28/src/response.c    2025-04-14 16:26:45.689695400 +0800
+@@ -281,6 +281,15 @@ handler_t http_response_prepare(server *
+ 		config_patch_connection(srv, con, COMP_HTTP_COOKIE);    /* Cookie:  */
+ 		config_patch_connection(srv, con, COMP_HTTP_REQUEST_METHOD); /* REQUEST_METHOD */
+ 
++		/** avoid information leak */
++		if (NULL != (qstr = strchr(con->request.uri->ptr, ';'))) {
++		        con->http_status = 403;	
++                        if (con->conf.log_request_handling) {
++				log_error_write(srv, __FILE__, __LINE__,  "s",  "Access denied due semicolon character");
++                        }
++                        return HANDLER_FINISHED;
++		}
++
+ 		/** their might be a fragment which has to be cut away */
+ 		if (NULL != (qstr = strchr(con->request.uri->ptr, '#'))) {
+ 			con->request.uri->used = qstr - con->request.uri->ptr;
Index: /branches/rel_ag_9_4_5/DesktopDirect/bsdart/Makefile
===================================================================
--- /branches/rel_ag_9_4_5/DesktopDirect/bsdart/Makefile	(revision 20421)
+++ /branches/rel_ag_9_4_5/DesktopDirect/bsdart/Makefile	(working copy)
@@ -7,7 +7,6 @@
 SDIRS += syncutil
 
 all:: buildsubdirs $(TARGET) $(INST_CLI_LIB) $(INST_LIB) $(INST_BIN)
-PCRE_PREFIX := $(CURDIR)/3rdPartyLibs/pcre-8.01/install/pcre
 
 buildsubdirs : 
 	cd 3rdPartyLibs;tar zxvf tars/openldap-2.4.30.tgz;ln -sf openldap-2.4.30 openldap;cd openldap; ./configure --prefix=/ca --sysconfdir=/ca --enable-slapd=no --with-tls=openssl;make depend;make
@@ -23,22 +22,7 @@
 	cd external;make all 
 	cd common;make all inst_bin
 	cd rlm_dd;make
-	cd 3rdPartyLibs;tar -zxf tars/pcre-8.01.tar.gz;cd pcre-8.01/;mkdir -p install/pcre;./configure --prefix=$(PCRE_PREFIX);make;make install;
-#	cd 3rdPartyLibs;tar -xf tars/lighttpd-1.4.28.tar;cd lighttpd-1.4.28;cp ../Makefile.in ./src/;./configure --without-pcre --enable-static; cp ../plugin-static.h ./src; patch < ../array_lighttpd_security.patch
-	( \
-	OLDPATH=$$PATH; \
-	export PATH=$(PCRE_PREFIX)/bin:$$PATH; \
-	cd 3rdPartyLibs; \
-	tar -xf tars/lighttpd-1.4.28.tar; \
-	cd lighttpd-1.4.28; \
-	cp ../Makefile.in ./src/; \
-	CFLAGS="-I$(PCRE_PREFIX)/include" \
-	LDFLAGS="-L$(PCRE_PREFIX)/lib" \
-	./configure --with-pcre --enable-static; \
-	cp ../plugin-static.h ./src; \
-	patch < ../array_lighttpd_security.patch; \
-	export PATH=$$OLDPATH; \
-	)
+	cd 3rdPartyLibs;tar -xf tars/lighttpd-1.4.28.tar;cd lighttpd-1.4.28;cp ../Makefile.in ./src/;./configure --without-pcre --enable-static; cp ../plugin-static.h ./src; patch < ../array_lighttpd_security.patch
 	cd plugin;make all
 	cd cli;make all inst_cli_lib
 	cd syncutil;make all inst_bin
Index: /branches/rel_ag_9_4_5/DesktopDirect/bsdart/plugin/Makefile
===================================================================
--- /branches/rel_ag_9_4_5/DesktopDirect/bsdart/plugin/Makefile	(revision 20421)
+++ /branches/rel_ag_9_4_5/DesktopDirect/bsdart/plugin/Makefile	(working copy)
@@ -7,15 +7,12 @@
 ../3rdPartyLibs/libxml2-2.7.6/.libs/libxml2.a 
 #/usr/lib/libz.a /usr/lib/libm.a
 
-LIBPCRE_LIBS = \
-../3rdPartyLibs/pcre-8.01/install/pcre/lib/libpcre.a
-
 FLAGS = -O0 -g -fPIC -DLDAP_DEPRECATED
 CFLAGS = $(FLAGS) $(DEBUG) -I.. -I. -I$(TOP)/user_slog \
--I../3rdPartyLibs/lighttpd-1.4.28 -I../3rdPartyLibs/lighttpd-1.4.28/src -I../3rdPartyLibs/libxml2-2.7.6/include -I../3rdPartyLibs/sqlite-3.6.21 -I../3rdPartyLibs/pcre-8.01/install/pcre/include $(INCLUDE) -UMODULE_DEBUG -DNEWCALLS
+-I../3rdPartyLibs/lighttpd-1.4.28 -I../3rdPartyLibs/lighttpd-1.4.28/src -I../3rdPartyLibs/libxml2-2.7.6/include -I../3rdPartyLibs/sqlite-3.6.21 $(INCLUDE) -UMODULE_DEBUG -DNEWCALLS
 
 
-LIBS = ${LIBXML_LIBS} ${LIBLDAP_LIBS} ${LIBPCRE_LIBS} ../common/libdb_intf.a ../3rdPartyLibs/sqlite-3.6.21/.libs/libsqlite3.a -L $(TOP)/ha/halib -lhalib $(AG_TOP)/ui/lib/libui_output.a -L $(TOP)/objdir -lfastlog -lenglog -L /usr/shared/lib -L../ui/management ../3rdPartyLibs/libiconv-1.14/srclib/.libs/libiconv.so 
+LIBS = ${LIBXML_LIBS} ${LIBLDAP_LIBS} ../common/libdb_intf.a ../3rdPartyLibs/sqlite-3.6.21/.libs/libsqlite3.a -L $(TOP)/ha/halib -lhalib $(AG_TOP)/ui/lib/libui_output.a -L $(TOP)/objdir -lfastlog -lenglog -L /usr/shared/lib -L../ui/management ../3rdPartyLibs/libiconv-1.14/srclib/.libs/libiconv.so 
 
 TARGET = mod_art_server.a
 ARCHIVE = mod_art_server.a
@@ -40,7 +37,7 @@
 	make clean; cd ..; done
 
 ${ARCHIVE}: $(OBJS)
-	${AR} -rs mod_art_server.a $(OBJS) ../common/*.o ../3rdPartyLibs/zlib-1.2.5/*.o ../3rdPartyLibs/libxml2-2.7.6/.libs/*.o ../3rdPartyLibs/sqlite-3.6.21/sqlite3.o ../3rdPartyLibs/pcre-8.01/*.o -lenglog
+	${AR} -rs mod_art_server.a $(OBJS) ../common/*.o ../3rdPartyLibs/zlib-1.2.5/*.o ../3rdPartyLibs/libxml2-2.7.6/.libs/*.o ../3rdPartyLibs/sqlite-3.6.21/sqlite3.o -lenglog
 
 %.o: %.c 
 	$(CC) -c $(CFLAGS) ${LIBS} -lutil -luserslog -o $@ $<
Index: /branches/rel_ag_9_4_5/DesktopDirect/bsdart/plugin/art_server.conf
===================================================================
--- /branches/rel_ag_9_4_5/DesktopDirect/bsdart/plugin/art_server.conf	(revision 20421)
+++ /branches/rel_ag_9_4_5/DesktopDirect/bsdart/plugin/art_server.conf	(working copy)
@@ -125,10 +125,6 @@
 #      of the document-root
 url.access-deny             = ( "~", ".inc" )
 
-$HTTP["url"] =~ ";" {
-    url.access-deny = ("")
-}
-
 #$HTTP["url"] =~ "\.pdf$" {
 #  server.range-requests = "disable"
 #}