Index: apache-1.3/src/main/http_main.c
diff -u apache-1.3/src/main/http_main.c:1.325 apache-1.3/src/main/http_main.c:1.354
--- apache-1.3/src/main/http_main.c:1.325	Sun Apr 19 13:10:46 1998
+++ apache-1.3/src/main/http_main.c	Wed May 20 21:07:21 1998
@@ -329,13 +329,85 @@
 static pool *pchild;		/* Pool for httpd child stuff */
 static pool *pcommands;	/* Pool for -C and -c switches */
 
-static int APACHE_TLS my_pid;		/* it seems silly to call getpid all the time */
+static int APACHE_TLS my_pid;	/* it seems silly to call getpid all the time */
 #ifndef MULTITHREAD
 static int my_child_num;
 #endif
 
 scoreboard *ap_scoreboard_image = NULL;
 
+/*
+ * Pieces for managing the contents of the Server response header
+ * field.
+ */
+static char *server_version = NULL;
+static int version_locked = 0;
+
+/* Global, alas, so http_core can talk to us */
+enum server_token_type ap_server_tokens = SrvTk_FULL;
+
+/*
+ * This routine is called when the pconf pool is vacuumed.  It resets the
+ * server version string to a known value and [re]enables modifications
+ * (which are disabled by configuration completion).
+ */
+static void reset_version(void *dummy)
+{
+    version_locked = 0;
+    ap_server_tokens = SrvTk_FULL;
+    server_version = NULL;
+}
+
+API_EXPORT(const char *) ap_get_server_version()
+{
+    return (server_version ? server_version : SERVER_BASEVERSION);
+}
+
+API_EXPORT(void) ap_add_version_component(const char *component)
+{
+    if (! version_locked) {
+        /*
+         * If the version string is null, register our cleanup to reset the
+         * pointer on pool destruction. We also know that, if NULL,
+	 * we are adding the original SERVER_BASEVERSION string.
+         */
+        if (server_version == NULL) {
+	    ap_register_cleanup(pconf, NULL, (void (*)(void *))reset_version, 
+				ap_null_cleanup);
+	    server_version = ap_pstrdup(pconf, component);
+	}
+	else {
+	    /*
+	     * Tack the given component identifier to the end of
+	     * the existing string.
+	     */
+	    server_version = ap_pstrcat(pconf, server_version, " ",
+					component, NULL);
+	}
+    }
+}
+
+/*
+ * This routine adds the real server base identity to the version string,
+ * and then locks out changes until the next reconfig.
+ */
+static void ap_set_version()
+{
+    if (ap_server_tokens == SrvTk_MIN) {
+	ap_add_version_component(SERVER_BASEVERSION);
+    }
+    else {
+	ap_add_version_component(SERVER_BASEVERSION " (" PLATFORM ")");
+    }
+    /*
+     * Lock the server_version string if we're not displaying
+     * the full set of tokens
+     */
+    if (ap_server_tokens != SrvTk_FULL) {
+	version_locked++;
+    }
+}
+
 static APACHE_TLS int volatile exit_after_unblock = 0;
 
 /* a clean exit from a child with proper cleanup */
@@ -793,7 +865,7 @@
 static void usage(char *bin)
 {
     char pad[MAX_STRING_LEN];
-    int i;
+    unsigned i;
 
     for (i = 0; i < strlen(bin); i++)
 	pad[i] = ' ';
@@ -1277,18 +1345,18 @@
 
     fd_max = 0;
     FD_ZERO(&writable_fds);
-    for (ocr = other_children; ocr; ocr = ocr->next) {
-	if (ocr->write_fd == -1)
-	    continue;
-	FD_SET(ocr->write_fd, &writable_fds);
-	if (ocr->write_fd > fd_max) {
-	    fd_max = ocr->write_fd;
+    do {
+	for (ocr = other_children; ocr; ocr = ocr->next) {
+	    if (ocr->write_fd == -1)
+		continue;
+	    FD_SET(ocr->write_fd, &writable_fds);
+	    if (ocr->write_fd > fd_max) {
+		fd_max = ocr->write_fd;
+	    }
 	}
-    }
-    if (fd_max == 0)
-	return;
+	if (fd_max == 0)
+	    return;
 
-    do {
 	tv.tv_sec = 0;
 	tv.tv_usec = 0;
 	rc = ap_select(fd_max + 1, NULL, &writable_fds, NULL, &tv);
@@ -1834,8 +1902,17 @@
 	conn_rec *c = r->connection;
 	ap_cpystrn(ss->client, ap_get_remote_host(c, r->per_dir_config,
 			      REMOTE_NOLOOKUP), sizeof(ss->client));
-	ap_cpystrn(ss->request, (r->the_request ? r->the_request :
-			      "NULL"), sizeof(ss->request));
+    if (r->the_request == NULL) {
+		ap_cpystrn(ss->request, "NULL", sizeof(ss->request));
+	} else if (r->parsed_uri.password == NULL) {
+		ap_cpystrn(ss->request, r->the_request, sizeof(ss->request));
+	} else {
+	    /* Don't reveal the password in the server-status view */
+		ap_cpystrn(ss->request, ap_pstrcat(r->pool, r->method, " ",
+					   ap_unparse_uri_components(r->pool, &r->parsed_uri, UNP_OMITPASSWORD),
+					   r->assbackwards ? NULL : " ", r->protocol, NULL),
+				   sizeof(ss->request));
+	}
 	ap_cpystrn(ss->vhost, r->server->server_hostname, sizeof(ss->vhost));
     }
 #endif
@@ -2953,14 +3135,8 @@
 
 static void show_compile_settings(void)
 {
-#ifdef SERVER_SUBVERSION
-    printf("Server base version: %s\n", SERVER_BASEVERSION);
-    printf("Server sub-version:  %s\n", SERVER_SUBVERSION);
-    printf("Server built:        %s\n", ap_get_server_built());
-#else
     printf("Server version: %s\n", ap_get_server_version());
     printf("Server built:   %s\n", ap_get_server_built());
-#endif
     printf("Server's Module Magic Number: %u\n", MODULE_MAGIC_NUMBER);
     printf("Server compiled with....\n");
 #ifdef BIG_SECURITY_HOLE
@@ -3993,10 +4241,12 @@
 	    ap_cpystrn(ap_server_confname, optarg, sizeof(ap_server_confname));
 	    break;
 	case 'v':
+	    ap_set_version();
 	    printf("Server version: %s\n", ap_get_server_version());
 	    printf("Server built:   %s\n", ap_get_server_built());
 	    exit(0);
 	case 'V':
+	    ap_set_version();
 	    show_compile_settings();
 	    exit(0);
 	case 'h':
@@ -4041,7 +4287,9 @@
 
     if (ap_standalone) {
 	ap_open_logs(server_conf, pconf);
+	ap_set_version();
 	ap_init_modules(pconf, server_conf);
+	version_locked++;
 	STANDALONE_MAIN(argc, argv);
     }
     else {
