httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18805] Problem Obtaining Files Named with ASCII Special Characters
Date Mon, 02 Nov 2009 23:55:41 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=18805

Nick Kew <nick@webthing.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|                            |WORKSFORME

--- Comment #4 from Nick Kew <nick@webthing.com> 2009-11-02 15:55:37 UTC ---
Following up to this 'cos I got email after my recent update, and the reply
might be of interest to others reading this report.

> 2) Now, with any browser anywhere, request http://hostname/joaquĆ­n.jpg.

That would need to be http://localhost/joaqu%C3%ADn.html

Other encodings would fail on a utf-8 platform.

> The browser will "do the right thing" as per the spec : any character in that
> URL that is not a member of the US-ASCII character set (nor forbidden,
> reserved, etc) will be escaped as %xy, before the request is sent to the httpd
> server.
> 3) you will get a 403 Forbidden answer from Apache (2.2.9, Win32).

Haven't confirmed, but I expect that's what happens when you send something in
an encoding that can't legitimately map to your filesystem, and it looks like a
cracking attempt.

Come to think of it, that looks like the problem with the OP too.  I'll close
this, and suggest that anyone who wants to re-open provide detail that there is
an issue other than inconsistent encoding on some platform.  I guess
"worksforme" covers both the cases of Invalid and Fixed.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message