httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 15028] New: - RedirectMatch does not escape properly
Date Tue, 03 Dec 2002 16:22:32 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15028>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15028

RedirectMatch does not escape properly

           Summary: RedirectMatch does not escape properly
           Product: Apache httpd-1.3
           Version: 1.3.26
          Platform: HP
        OS/Version: HP-UX
            Status: UNCONFIRMED
          Severity: Major
          Priority: Other
         Component: Other mods
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: apache@shoenix.net


I have searched quite a lot, and the only thing I could find were postings
from about a year ago on this issue (Bug id 7503) however, this was in the
old bug tracking system and I could find no references for solutions for
apache 1.3.x. I have, however, re-written those early patches to work with
apache 1.3.x, but I got strange results and I have corrected them in a new
patch. I need confirmation that I have done the right thing. (or that I 
didn't ;))

The original problem is that RedirectMatch escapes the complete target URL,
which results in bad redirects if it contains '?' of '#' signs. escaped. The
prior patch for old bug id 7503 did solve this problem, but it causes the 
protocol and hostinfo part to get lost. I could not confirm with the original
writer of that patch, since there was no email listed. The 'Redirect' statement
does not pose this problem.

My (working) patch against mod_alias.c in apache 1.3.26 :

*** mod_alias.c.orig    Mon Nov 25 15:14:08 2002
--- mod_alias.c Tue Dec  3 16:18:52 2002
***************
*** 313,319 ****
                    found = ap_pregsub(r->pool, p->real, r->uri,
                                    p->regexp->re_nsub + 1, regm);
                    if (found && doesc) {
!                       found = ap_escape_uri(r->pool, found);
                    }
                }
                else {
--- 313,335 ----
                    found = ap_pregsub(r->pool, p->real, r->uri,
                                    p->regexp->re_nsub + 1, regm);
                    if (found && doesc) {
! /*                    found = ap_escape_uri(r->pool, found); */
!                         uri_components uri;
!                       ap_parse_uri_components(r->pool, found, &uri);
!                       if (uri.scheme) {
!                          /* Reconstruct complete URL */
!                            found = ap_pstrcat(r->pool, uri.scheme, "://", 
uri.hostinfo, NULL);
!                            found = ap_pstrcat(r->pool, found, ap_escape_uri(r-
>pool, uri.path),
 NULL);
!                       } else {
!                          /* See it as a relative URL */
!                            found = ap_escape_uri(r->pool, uri.path);
!                       }
!                         if (uri.query) {
!                             found = ap_pstrcat(r->pool, found, "?", 
uri.query, NULL);
!                         }
!                         else if (uri.fragment) {
!                             found = ap_pstrcat(r->pool, found, "#", 
uri.fragment, NULL);
!                         }
                    }
                }
                else {

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message