A. Changes from Version (3.2.10)

New Features

(MODPYTHON-103) New req.add_output_filter(), req.add_input_filter(), req.register_output_fiter(), req.register_input_filter() methods. These allows the dynamic registration of filters and the attaching of filters to the current request.
(MODPYTHON-104) Support added for using Python in content being passed through "INCLUDES" output filter, or as more commonly referred to server side include (SSI) mechanism.
(MODPYTHON-108) Added support to cookies for httponly attribute, an extension originally created by Microsoft, but now getting more widespread use in the battle against cross site-scripting attacks.
(MODPYTHON-118) Now possible using the PythonImport directive to specify the name of a function contained in the module to be called once the designated module has been imported.
(MODPYTHON-124) New req.auth_name() and req.auth_type() methods. These return the values associated with the AuthName and AuthType directives respectively. The req.ap_auth_type has now also been made writable so that it can be set by an authentication handler.
(MODPYTHON-130) Added req.set_etag(), req.set_last_modified() and req.update_mtime() functions as wrappers for similar functions provided by Apache C API. These are required to effectively use the req.meets_condition() function. The documentation for req.meets_condition() has also been updated as what it previously described probably wouldn't actually work.
(MODPYTHON-132) New req.construct_url() method. Used to construct a fully qualified URI string incorporating correct scheme, server and port.
(MODPYTHON-144) The "apache.interpreter" and "apache.main_server" attributes have been made publically available. These were previously private and not part of the public API.
(MODPYTHON-149) Added support for session objects that span domains.
(MODPYTHON-153) Added req.discard_request_body() function as wrapper for similar function provided by Apache C API. The function tests for and reads any message body in the request, simply discarding whatever it receives.
(MODPYTHON-164) The req.add_handler(), req.register_input_filter() and req.register_output_filter() methods can now take a direct reference to a callable object as well a string which refers to a module or module::function combination by name.
(MODPYTHON-165) Exported functions from mod_python module to be used in other third party modules for Apache. The purpose of these functions is to allow those other modules to access the mechanics of how mod_python creates interpreters, thereby allowing other modules to also embed Python and for there not to be a conflict with mod_python.
(MODPYTHON-170) Added req._request_rec, server._server_rec and conn._conn_rec semi private members for getting accessing to underlying Apache struct as a Python CObject. These can be used for use in implementing SWIG bindings for lower level APIs of Apache. These members should be regarded as experimental and there are no guarantees that they will remain present in this specific form in the future.
(MODPYTHON-193) Added new attribute available as req.hlist.location. For a handler executed directly as the result of a handler directive within a Location directive, this will be set to the value of the Location directive. If LocationMatch, or wildcards or regular expressions are used with Location, the value will be the matched value in the URL and not the pattern.

Improvements

(MODPYTHON-27) When using mod_python.publisher, the __auth__() and __access__() functions and the __auth_realm__ string can now be nested within a class method as a well a normal function.
(MODPYTHON-90) The PythonEnablePdb configuration option will now be ignored if Apache hasn't been started up in single process mode.
(MODPYTHON-91) If running Apache in single process mode with PDB enabled and the "quit" command is used to exit that debug session, an exception indicating that the PDB session has been aborted is raised rather than None being returned with a subsequent error complaining about the handler returning an invalid value.
(MODPYTHON-93) Improved util.FieldStorage efficiency and made the interface more dictionary like.
(MODPYTHON-101) Force an exception when handler evaluates to something other than None but is otherwise not callable. Previously an exception would not be generated if the handler evaluated to False.
(MODPYTHON-107) Neither mod_python.publisher nor mod_python.psp explicitly flush output after writing the content of the response back to the request object. By not flushing output it is now possible to use the "CONTENT_LENGTH" output filter to add a "Content-Length" header.
(MODPYTHON-111) Note made in session documentation that a save is required to avoid session timeouts.
(MODPYTHON-125) The req.handler attribute is now writable. This allows a handler executing in a phase prior to the response phase to specify which Apache module will be responsible for generating the content.
(MODPYTHON-128) Made the req.canonical_filename attribute writable. Changed the req.finfo attribute from being a tuple to an actual object. For backwards compatibility the attributes of the object can still be accessed as if they were a tuple. New code however should access the attributes as member data. The req.finfo attribute is also now writable and can be assigned to using the result of calling the new function apache.stat(). This function is a wrapper for apr_stat().
(MODPYTHON-129) When specifying multiple handlers for a phase, the status returned by each handler is now treated the same as how Apache would treat the status if the handler was registered using the low level C API. What this means is that whereas stacked handlers of any phase would in turn previously be executed as long as they returned apache.OK, this is no longer the case and what happens is dependent on the phase. Specifically, a handler returning apache.DECLINED no longer causes the execution of subsequent handlers for the phase to be skipped. Instead, it will move to the next of the stacked handlers. In the case of PythonTransHandler, PythonAuthenHandler, PythonAuthzHandler and PythonTypeHandler, as soon as apache.OK is returned, subsequent handlers for the phase will be skipped, as the result indicates that any processing pertinent to that phase has been completed. For other phases, stacked handlers will continue to be executed if apache.OK is returned as well as when apache.DECLINED is returned. This new interpretation of the status returned also applies to stacked content handlers listed against the PythonHandler directive even though Apache notionally only ever calls at most one content handler. Where all stacked content handlers in that phase run, the status returned from the last handler becomes the overall status from the content phase.
(MODPYTHON-141) The req.proxyreq and req.uri attributes are now writable. This allows a handler to setup these values and trigger proxying of the current request to a remote server.
(MODPYTHON-142) The req.no_cache and req.no_local_copy attributes are now writable.
(MODPYTHON-143) Completely reimplemented the module importer. This is now used whenever modules are imported corresponding to any of the Python*Handler, Python*Filter and PythonImport directives. The module importer is still able to be used directly using the apache.import_module() function. The new module importer no longer supports automatic reloading of packages/modules that appear on the standard Python module search path as defined by the PythonPath directive or within an application by direct changes to sys.path. Automatic module reloading is however still performed on file based modules (not packages) which are located within the document tree where handlers are located. Locations within the document tree are however no longer added to the standard Python module search path automatically as they are maintained within a distinct importer search path. The PythonPath directive MUST not be used to point at directories within the document tree. To have additional directories be searched by the module importer, they should be listed in the mod_python.importer.path option using the PythonOption directive. This is a path similar to how PythonPath argument is supplied, but MUST not reference sys.path nor contain any directories also listed in the standard Python module search path. If an application does not appear to work under the module importer, the old module importer can be reenabled by setting the mod_python.legacy.importer option using the PythonOption directive to the value '*'. This option must be set in the global Apache configuration.
(MODPYTHON-152) When in a sub request, when a request is the result of an internal redirect, or when when returning from such a request, the req.main, req.prev and req.next members now correctly return a reference to the original Python request object wrapper first created for the specific request_rec instance rather than creating a new distinct Python request object. This means that any data added explicitly to a request object can be passed between such requests.
(MODPYTHON-178) When using mod_python.psp, if the PSP file which is the target of the request doesn't actually exist, an apache.HTTP_NOT_FOUND server error is now returned to the client rather than raising a ValueError exception which results in a 500 internal server error. Note that if using SetHandler and the request is against the directory and no DirectoryIndex directive is specified which lists a valid PSP index file, then the same apache.HTTP_NOT_FOUND server error is returned to the client.
(MODPYTHON-196) For completeness, added req.server.log_error() and req.connection.log_error(). The latter wraps ap_log_cerror() (when available), allowing client information to be logged along with message from a connection handler.
(MODPYTHON-206) The attribute req.used_path_info is now modifiable and can be set from within handlers. This is equivalent to having used the AcceptPathInfo directive.
(MODPYTHON-207) The attribute req.args is now modifiable and can be set from within handlers.

Bug Fixes

(MODPYTHON-38) Fixed issue when using PSP pages in conjunction with publisher handler or where a PSP error page was being triggered, that form parameters coming from content of a POST request weren't available or only available using a workaround. Specifically, the PSP page will now use any FieldStorage object instance cached as req.form left there by preceding code.
(MODPYTHON-43) Nested __auth__() functions in mod_python.publisher now execute in context of globals from the file the function is in and not that of mod_python.publisher itself.
(MODPYTHON-47) Fixed mod_python.publisher so it will not return a HTTP Bad Request response when mod_auth is being used to provide Digest authentication.
(MODPYTHON-63) When handler directives are used within Directory or DirectoryMatch directives where wildcards or regular expressions are used, the handler directory will be set to the shortest directory matched by the directory pattern. Handler directives can now also be used within Files and FilesMatch directives and the handler directory will correctly resolve to the directory corresponding to the enclosing Directory or DirectoryMatch directive, or the directory the .htaccess file is contained in.
(MODPYTHON-76) The FilterDispatch callback should not flush the filter if it has already been closed.
(MODPYTHON-84) The original change to fix the symlink issue for req.sendfile() was causing problems on Win32, plus code needed to be changed to work with APR 1.2.7.
(MODPYTHON-100) When using stacked handlers and a SERVER_RETURN exception was used to return an OK status for that handler, any following handlers weren't being run if appropriate for the phase.
(MODPYTHON-109) The Py_Finalize() function was being called on child process shutdown. This was being done though from within the context of a signal handler, which is generally unsafe and would cause the process to lock up. This function is no longer called on child process shutdown.
(MODPYTHON-112) The req.phase attribute is no longer overwritten by an input or output filter. The filter.is_input member should be used to determine if a filter is an input or output filter.
(MODPYTHON-113) The PythonImport directive now uses the apache.import_module() function to import modules to avoid reloading problems when same module is imported from a handler.
(MODPYTHON-114) Fixed race conditions on setting sys.path when the PythonPath directive is being used as well as problems with infinite extension of path.
(MODPYTHON-120) (MODPYTHON-121) Fixes to test suite so it will work on virtual hosting environments where localhost doesn't resolve to 127.0.0.1 but the actual IP address of the host.
(MODPYTHON-126) When Python*Handler or Python*Filter directive is used inside of a Files directive container, the handler/filter directory value will now correctly resolve to the directory corresponding to any parent Directory directive or the location of the .htaccess file the Files directive is contained in.
(MODPYTHON-133) The table object returned by req.server.get_config() was not being populated correctly to be the state of directives set at global scope for the server.
(MODPYTHON-134) Setting PythonDebug to Off, wasn't overriding On setting in parent scope.
(MODPYTHON-140) The util.redirect() function should be returning server status of apache.DONE and not apache.OK otherwise it will not give desired result if used in non content handler phase or where there are stacked content handlers.
(MODPYTHON-147) Stopped directories being added to sys.path multiple times when PythonImport and PythonPath directive used.
(MODPYTHON-148) Added missing Apache contants apache.PROXYREQ_RESPONSE and apache.HTTP_UPGRADE_REQUIRED. Also added new constants for Apache magic mime types and values for interpreting the req.connection.keepalive and req.read_body members.
(MODPYTHON-150) In a multithread MPM, the apache.init() function could be called more than once for a specific interpreter instance whereas it should only be called once.
(MODPYTHON-151) Debug error page returned to client when an exception in a handler occurred wasn't escaping special HTML characters in the traceback or the details of the exception.
(MODPYTHON-157) Wrong interpreter name used for fixup handler phase and earlier, when PythonInterpPerDirectory was enabled and request was against a directory but client didn't provide the trailing slash.
(MODPYTHON-159) Fix FieldStorage class so that it can handle multiline headers.
(MODPYTHON-160) Using PythonInterpPerDirective when setting content handler to run dynamically with req.add_handler() would cause Apache to crash.
(MODPYTHON-161) Directory argument supplied to req.add_handler() is canonicalized and a trailing slash added automatically. This is needed to ensure that the directory is always in POSIX path style as used by Apache and that convention where directories associated with directives always have trailing slash is adhered to. If this is not done, a different interpreter can be chosen to that expected when the PythonInterpPerDirective is used.
(MODPYTHON-166) PythonHandlerModule was not setting up registration of the PythonFixupHandler or PythonAuthenHandler. For the latter this meant that using Require directive with PythonHandlerModule would cause a 500 error and complaint in error log about "No groups file".
(MODPYTHON-167) When PythonDebug was On and and exception occurred, the response to the client had a status of 200 when it really should have been a 500 error status indicating that an internal error occurred. A 500 error status was correctly being returned when PythonDebug was Off.
(MODPYTHON-168) Fixed psp_parser error when CR is used as a line terminator in psp code. This may occur with some older editors such as GoLive on Mac OS X.
(MODPYTHON-175) Fixed problem whereby a main PSP page and an error page triggered from that page both accessing the session object would cause a deadlock.
(MODPYTHON-176) Fixed issue whereby PSP code would unlock session object which it had inherited from the caller meaning caller could no longer use it safely. PSP code will now only unlock session if it created it in the first place.
(MODPYTHON-179) Fixed the behaviour of req.readlines() when a size hint was provided. Previously, it would always return a single line when a size hint was provided.
(MODPYTHON-180) Publisher would wrongly output a warning about nothing to publish if req.write() or req.sendfile() used and data not flushed, and then published function returned None.
(MODPYTHON-181) Fixed memory leak when mod_python handlers are defined for more than one phase at the same time.
(MODPYTHON-182) Fixed memory leak in req.readline().
(MODPYTHON-184) Fix memory leak in apache.make_table(). This was used by util.FieldStorage class so affected all code using forms.
(MODPYTHON-185) Fixed segfault in psp.parsestring(src_string) when src_string is empty.
(MODPYTHON-187) Table objects could crash in various ways when the value of an item was NULL. This could occur for SCRIPT_FILENAME when the req.subprocess_env table was accessed in the post read request handler phase.
(MODPYTHON-189) Fixed representation returned by calling repr() on a table object.
(MODPYTHON-191) Session class will no longer accept a normal cookie if a signed cookie was expected.
(MODPYTHON-194) Fixed potential memory leak due to not clearing the state of thread state objects before deleting them.
(MODPYTHON-195) Fix potential Win32 resource leaks in parent Apache process when process restarts occur.
(MODPYTHON-198) Python 2.5 broke nested __auth__/__access__/__auth_realm__ in mod_python.publisher.
(MODPYTHON-200) Fixed problem whereby signed and marshalled cookies could not be used at the same time. When expecting marshalled cookie, any signed, but not marshalled cookies will be returned as normal cookies.