+ * Revision 1.84 2007/03/20 15:16:34 fabiankeil
+ * Use dedicated header filter actions instead of abusing "filter".
+ * Replace "filter-client-headers" and "filter-client-headers"
+ * with "server-header-filter" and "client-header-filter".
+ *
+ * Revision 1.83 2007/03/17 15:20:05 fabiankeil
+ * New config option: enforce-blocks.
+ *
+ * Revision 1.82 2007/03/13 11:28:43 fabiankeil
+ * - Fix port handling in acl_addr() and use a temporary acl spec
+ * copy so error messages don't contain a truncated version.
+ * - Log size of iob before and after decompression.
+ *
+ * Revision 1.81 2007/03/05 14:40:53 fabiankeil
+ * - Cosmetical changes for LOG_LEVEL_RE_FILTER messages.
+ * - Hide the "Go there anyway" link for blocked CONNECT
+ * requests where going there anyway doesn't work anyway.
+ *
+ * Revision 1.80 2007/02/07 10:55:20 fabiankeil
+ * - Save the reason for generating http_responses.
+ * - Block (+block) with status code 403 instead of 404.
+ * - Use a different kludge to remember a failed decompression.
+ *
+ * Revision 1.79 2007/01/31 16:21:38 fabiankeil
+ * Search for Max-Forwards headers case-insensitive,
+ * don't generate the "501 unsupported" message for invalid
+ * Max-Forwards values and don't increase negative ones.
+ *
+ * Revision 1.78 2007/01/28 13:41:18 fabiankeil
+ * - Add HEAD support to finish_http_response.
+ * - Add error favicon to internal HTML error messages.
+ *
+ * Revision 1.77 2007/01/12 15:36:44 fabiankeil
+ * Mark *csp as immutable for is_untrusted_url()
+ * and is_imageurl(). Closes FR 1237736.
+ *
+ * Revision 1.76 2007/01/01 19:36:37 fabiankeil
+ * Integrate a modified version of Wil Mahan's
+ * zlib patch (PR #895531).
+ *
+ * Revision 1.75 2006/12/29 18:30:46 fabiankeil
+ * Fixed gcc43 conversion warnings,
+ * changed sprintf calls to snprintf.
+ *
+ * Revision 1.74 2006/12/24 17:37:38 fabiankeil
+ * Adjust comment in pcrs_filter_response()
+ * to recent pcrs changes. Hohoho.
+ *
+ * Revision 1.73 2006/12/23 16:01:02 fabiankeil
+ * Don't crash if pcre returns an error code
+ * that pcrs didn't expect. Fixes BR 1621173.
+ *
+ * Revision 1.72 2006/12/22 18:52:53 fabiankeil
+ * Modified is_untrusted_url to complain in case of
+ * write errors and to give a reason when adding new
+ * entries to the trustfile. Closes FR 1097611.
+ *
+ * Revision 1.71 2006/12/22 14:24:52 fabiankeil
+ * Skip empty filter files in pcrs_filter_response,
+ * but don't ignore the ones that come afterwards.
+ * Fixes parts of BR 1619208.
+ *
+ * Revision 1.70 2006/12/09 13:33:15 fabiankeil
+ * Added some sanity checks for get_last_url().
+ * Fixed possible segfault caused by my last commit.
+ *
+ * Revision 1.69 2006/12/08 12:39:13 fabiankeil
+ * Let get_last_url() catch https URLs as well.
+ *
+ * Revision 1.68 2006/12/05 14:45:48 fabiankeil
+ * Make sure get_last_url() behaves like advertised
+ * and fast-redirects{} can be combined with redirect{}.
+ *
+ * Revision 1.67 2006/11/28 15:19:43 fabiankeil
+ * Implemented +redirect{s@foo@bar@} to generate
+ * a redirect based on a rewritten version of the
+ * original URL.
+ *
+ * Revision 1.66 2006/09/23 13:26:38 roro
+ * Replace TABs by spaces in source code.
+ *
+ * Revision 1.65 2006/09/21 12:54:43 fabiankeil
+ * Fix +redirect{}. Didn't work with -fast-redirects.
+ *
+ * Revision 1.64 2006/08/31 10:55:49 fabiankeil
+ * Block requests for untrusted URLs with status
+ * code 403 instead of 200.
+ *
+ * Revision 1.63 2006/08/31 10:11:28 fabiankeil
+ * Don't free p which is still in use and will be later
+ * freed by free_map(). Don't claim the referrer is unknown
+ * when the client didn't set one.
+ *
+ * Revision 1.62 2006/08/14 00:27:47 david__schmidt
+ * Feature request 595948: Re-Filter logging in single line
+ *
+ * Revision 1.61 2006/08/03 02:46:41 david__schmidt
+ * Incorporate Fabian Keil's patch work:\rhttp://www.fabiankeil.de/sourcecode/privoxy/
+ *
+ * Revision 1.60 2006/07/18 14:48:46 david__schmidt
+ * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
+ * with what was really the latest development (the v_3_0_branch branch)
+ *
+ * Revision 1.58.2.9 2006/01/29 23:10:56 david__schmidt
+ * Multiple filter file support
+ *
+ * Revision 1.58.2.8 2005/05/07 21:50:55 david__schmidt
+ * A few memory leaks plugged (mostly on error paths)
+ *
+ * Revision 1.58.2.7 2004/10/03 12:53:32 david__schmidt
+ * Add the ability to check jpeg images for invalid
+ * lengths of comment blocks. Defensive strategy
+ * against the exploit:
+ * Microsoft Security Bulletin MS04-028
+ * Buffer Overrun in JPEG Processing (GDI+) Could
+ * Allow Code Execution (833987)
+ * Enabled with +inspect-jpegs in actions files.
+ *
+ * Revision 1.58.2.6 2003/12/06 22:18:27 gliptak
+ * Correcting compile problem with FEATURE_IMAGE_BLOCKING
+ *
+ * Revision 1.58.2.5 2003/11/11 13:10:31 oes
+ * Fixed bug #839859: "See why" link URL now gets url-encoded.
+ *
+ * Revision 1.58.2.4 2003/02/28 12:52:45 oes
+ * Fixed a typo
+ *
+ * Revision 1.58.2.3 2002/09/25 14:51:51 oes
+ * Added basic support for OPTIONS and TRACE HTTP methods:
+ * New function direct_response which handles OPTIONS and
+ * TRACE requests whose Max-Forwards header field is zero.
+ *
+ * Revision 1.58.2.2 2002/08/01 17:18:28 oes
+ * Fixed BR 537651 / SR 579724 (MSIE image detect improper for IE/Mac)
+ *
+ * Revision 1.58.2.1 2002/07/26 15:18:53 oes
+ * - Bugfix: Executing a filters without jobs no longer results in
+ * turing off *all* filters.
+ * - Security fix: Malicious web servers can't cause a seg fault
+ * through bogus chunk sizes anymore
+ *
+ * Revision 1.58 2002/04/24 02:11:17 oes
+ * Jon's multiple AF patch: url_actions now evaluates rules
+ * from all AFs.
+ *
+ * Revision 1.57 2002/04/08 20:38:34 swa
+ * fixed JB spelling
+ *
+ * Revision 1.56 2002/04/05 15:51:24 oes
+ * - bugfix: error-pages now get correct request protocol
+ * - fix for invalid HTML in trust info
+ *
+ * Revision 1.55 2002/04/02 16:13:51 oes
+ * Fix: No "Go there anyway" for SSL
+ *
+ * Revision 1.54 2002/04/02 14:55:56 oes
+ * Bugfix: is_untrusted_url() now depends on FEATURE_TRUST, not FEATURE_COOKIE_JAR
+ *
+ * Revision 1.53 2002/03/26 22:29:54 swa
+ * we have a new homepage!
+ *
+ * Revision 1.52 2002/03/24 16:35:57 jongfoster
+ * Removing logo
+ *
+ * Revision 1.51 2002/03/24 15:23:33 jongfoster
+ * Name changes
+ *
+ * Revision 1.50 2002/03/24 13:25:43 swa
+ * name change related issues
+ *
+ * Revision 1.49 2002/03/16 20:29:14 oes
+ * Cosmetics
+ *
+ * Revision 1.48 2002/03/13 20:25:34 oes
+ * Better logging for content filters
+ *
+ * Revision 1.47 2002/03/13 00:30:52 jongfoster
+ * Killing warnings
+ * Added option of always sending redirect for imageblock,
+ * currently disabled with #if 0.
+ *
+ * Revision 1.46 2002/03/12 01:42:49 oes
+ * Introduced modular filters
+ *
+ * Revision 1.45 2002/03/08 16:47:50 oes
+ * Added choice beween GIF and PNG built-in images
+ *
+ * Revision 1.44 2002/03/07 03:49:31 oes
+ * - Fixed compiler warnings etc
+ * - Changed built-in images from GIF to PNG
+ * (with regard to Unisys patent issue)
+ * - Added a 4x4 pattern PNG which is less intrusive
+ * than the logo but also clearly marks the deleted banners
+ *
+ * Revision 1.43 2002/01/22 23:51:59 jongfoster
+ * Replacing strsav() with the safer string_append().
+ *
+ * Adding missing html_encode() to error message generators. Where encoded
+ * and unencoded versions of a string were provided, removing the unencoded
+ * one.
+ *
+ * Revision 1.42 2002/01/17 21:00:32 jongfoster
+ * Moving all our URL and URL pattern parsing code to urlmatch.c.
+ *
+ * Using a single, simple url_match(pattern,url) function - rather than
+ * the 3-line match routine which was repeated all over the place.
+ *
+ * Renaming free_url to free_url_spec, since it frees a struct url_spec.
+ *
+ * Using parse_http_url() to parse URLs without faking a HTTP
+ * request line for parse_http_request().
+ *
+ * Revision 1.41 2001/11/13 00:14:07 jongfoster
+ * Fixing stupid bug now I've figured out what || means.
+ * (It always returns 0 or 1, not one of it's paramaters.)
+ *
+ * Revision 1.40 2001/10/26 17:37:55 oes
+ * - Re-enabled Netscape 200/404 bug workaround in block_url():
+ * - Removed OS/2 special case
+ * - Made block_url() independant from sed() having been run
+ * - Made trust_url independant from sed() having been run
+ * - Made is_imageurl independant from sed() having been run.
+ * It now checks User-Agent: and Accept: by itself.
+ *
+ *
+ * Revision 1.39 2001/10/25 03:40:48 david__schmidt
+ * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple
+ * threads to call select() simultaneously. So, it's time to do a real, live,
+ * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__
+ * (native). Both versions will work, but using __OS2__ offers multi-threading.
+ *
+ * Revision 1.38 2001/10/23 21:32:33 jongfoster
+ * Adding error-checking to selected functions
+ *
+ * Revision 1.37 2001/10/22 15:33:56 david__schmidt
+ * Special-cased OS/2 out of the Netscape-abort-on-404-in-js problem in
+ * filters.c. Added a FIXME in front of the offending code. I'll gladly
+ * put in a better/more robust fix for all parties if one is presented...
+ * It seems that just returning 200 instead of 404 would pretty much fix
+ * it for everyone, but I don't know all the history of the problem.
+ *
+ * Revision 1.36 2001/10/10 16:44:16 oes
+ * Added match_portlist function
+ *
+ * Revision 1.35 2001/10/07 15:41:23 oes
+ * Replaced 6 boolean members of csp with one bitmap (csp->flags)
+ *
+ * New function remove_chunked_transfer_coding that strips chunked
+ * transfer coding to plain and is called by pcrs_filter_response
+ * and gif_deanimate_response if neccessary
+ *
+ * Improved handling of zero-change re_filter runs
+ *
+ * pcrs_filter_response and gif_deanimate_response now remove
+ * chunked transfer codeing before processing the body.
+ *
+ * Revision 1.34 2001/09/20 15:49:36 steudten
+ *
+ * Fix BUG: Change int size to size_t size in pcrs_filter_response().
+ * See cgi.c fill_template().
+ *
+ * Revision 1.33 2001/09/16 17:05:14 jongfoster
+ * Removing unused #include showarg.h
+ *
+ * Revision 1.32 2001/09/16 13:21:27 jongfoster
+ * Changes to use new list functions.
+ *