httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 46798] New: mod_proxy_ftp can't retrieve files with wildcards in their names
Date Wed, 04 Mar 2009 13:56:22 GMT

           Summary: mod_proxy_ftp can't retrieve files with wildcards in
                    their names
           Product: Apache httpd-2
           Version: 2.2.11
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: PatchAvailable
          Severity: enhancement
          Priority: P2
         Component: mod_proxy

Created an attachment (id=23328)
 --> (
Patch to implement the proposed change

We need to be able to serve files whose names contain wildcards using
mod_proxy_ftp.  Right now, mod_proxy_ftp provides a file listing when
it sees wildcards in the filename requested, which is reasonable for
interactive browsing of an FTP site.  In this case, though, we need to
actually get files with those names, and we don't need the browsing
function (we already know the filenames).  Unfortunately, we don't
control the filenames, or we'd just use filenames without wildcards
and avoid all this.

The solution I'm thinking about is to add a directive to allow
selectively disabling the behavior of doing file listings when
wildcards are seen in the requested filename.  E.g.:

  The ProxyFtpListOnWildcard directive controls whether wildcard
  characters ("*?[{~") in requested filenames cause mod_proxy_ftp to
  return a listing of files instead of downloading a file.  By default
  (value on), they do.  Set to "off" to allow downloading files even
  if they have wildcard characters in their names.  (directory

I'd appreciate comments on this approach, and my proposed
implementation (patch against trunk is attached).  

Also, in testing that change, I found that mod_proxy_ftp escapes
wildcards in filenames using backslashes when sending them to the FTP
server, which none of the FTP servers I was testing with understood.
As I recall, I tried vsftpd, proftpd, and Apache FTP server.
To continue with my testing, I added another directive to turn that
behavior off, but I'd like to better understand why that behavior is
there, since it appears to assume a behavior that my FTP servers don't
have, and doesn't seem to be mentioned in RFC 959.  

>From what I know so far, I think this escaping should just be removed.
I don't think this escaping could ever have been used
before, since any paths with globbing characters in them would have
triggered a file listing, which doesn't do the escaping.  So until now,
Apache would never have tried to retrieve any file with globbing
characters in its name. 

But for now, the attached patch has a directive to control this and
leaves the current behavior as the default.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message