httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 49642] mod_rewrite mistakes encoded question mark as path/query string separator
Date Sun, 09 Mar 2014 13:32:38 GMT

--- Comment #6 from Anders Kaseorg <> ---
I tried passing every unescaped and escaped character through mod_rewrite in a
loop, and came up with this list of escaping problems.

RewriteRule ^page/(.*)$ page.cgi/$1

page.cgi/foo%0abar: PATH_INFO="/foo\nbar"
page/foo%0abar: 404

page.cgi/foo%23bar: PATH_INFO="/foo#bar"
page/foo%23bar: PATH_INFO="/foo"

page.cgi/foo%25bar: PATH_INFO="/foo%bar"
page/foo%25bar: PATH_INFO="/foo\x{BA}r"

page.cgi/foo%3fbar: PATH_INFO="/foo?bar"
page/foo%3fbar: PATH_INFO="/foo" QUERY_STRING="bar"

(%0a is the regex’s fault in this case, since . doesn’t match newline by
default, but the problem doesn’t go away with a more careful regex like
(?s)\Apage/(.*)\z .)

I’ve seen some people recommend the [B] flag as a solution, so I tried that
too.  That comes with its own set of problems:

RewriteRule ^page/(.*)$ page.cgi/$1 [B]

page.cgi/foo%0abar: PATH_INFO="/foo\nbar"
page/foo%0abar: 404

page.cgi/foo%20bar: PATH_INFO="/foo bar"
page/foo%20bar: PATH_INFO="/foo+bar"

page.cgi/foo/bar: PATH_INFO="/foo/bar"
page/foo/bar: 404

I’m running apache2 2.4.7-1ubuntu1 on Ubuntu trusty amd64.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message