httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44922] RewriteRules in .htaccess erroneously inject PATH_INFO
Date Sat, 02 Aug 2008 10:36:06 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=44922





--- Comment #3 from Aleksander Budzynowski <budzynowski@gmail.com>  2008-08-02 03:36:05
PST ---
"This is after all the swiss army knife of httpd."

And within .htaccess files it is more like a pair of plastic scissors because
of this bug.


Let me try to better explain the cause of the problem:

I have only seen it happen during RewriteRules in .htaccess files. This late in
the process, if the request is for a file in a non-existent directory (which I
might add is the kind of situation you often want to use mod_rewrite for), the
path will be split across r->filename and r->path_info.

Clearly the two parts need to be merged before a substitution is made. The
current code does this.

After a rule matches, the entire resultant path is saved to r->filename. This
renders the contents of r->path_info invalid. However, the code does not do
anything about this! If any subsequent rules match, the out-of-date
r->path_info will be injected again. Herein lies the problem.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message