httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 34602] - mod_rewrite fails to correctly deal with URLS that have escapes in them
Date Mon, 12 Mar 2007 00:02:18 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34602>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34602





------- Additional Comments From michael@chunkycow.com.au  2007-03-11 17:02 -------
This bug is a killer for me using PHP and it`s URLENCODE function.
Basically this encodes a space as a literal '+' in the url and escapes a literal
'+' as %2b, the problem is that once we hit the RewriteRule the space is still
encoded as a literal '+' and the literal '%2b' is decoded to be a literal '+'
aswell.
As you can imagine the RewriteMap solution dosen`t work and I`m left with no
solution but to double encode which is horrible.
Is there a reason that one must decode the hex entities before the use of the
RewriteRules and is it due to the 'being a path' way of thinking as alot more
URLs are not only used as a path to a resource but to pass information aswell.

This is what i`d like to see:

# accept a-zA-Z and %2b(escaped '+')
RewriteRule ^resource/([a-z]|%2b)+$ /resource.ext?data=$1 [NC]

This would still fail on say '/resource/info%' as it`s not the sequence %2b etc
and would use the first matching rule for something like:

RewriteRule ^resource/([a-z]|%2|%2b)+$ /resource.ext?data=$1 [NC]
'/resource/%2'.

I`d love to hear everyone's opinion on this as I`m not sure if it would be the
correct way to handle it or if it would lead to security concerns etc,
If there is agreement I`ll have a stab at implementing it and see where it
leads, if it is fundamentaly wrong and you have some resources I would love to
know that too.
Thanks 
Michael

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message