httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 49642] mod_rewrite mistakes encoded question mark as path/query string separator
Date Sun, 09 Mar 2014 13:32:38 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49642

--- Comment #6 from Anders Kaseorg <andersk@mit.edu> ---
I tried passing every unescaped and escaped character through mod_rewrite in a
loop, and came up with this list of escaping problems.

RewriteRule ^page/(.*)$ page.cgi/$1

page.cgi/foo%0abar: PATH_INFO="/foo\nbar"
page/foo%0abar: 404

page.cgi/foo%23bar: PATH_INFO="/foo#bar"
page/foo%23bar: PATH_INFO="/foo"

page.cgi/foo%25bar: PATH_INFO="/foo%bar"
page/foo%25bar: PATH_INFO="/foo\x{BA}r"

page.cgi/foo%3fbar: PATH_INFO="/foo?bar"
page/foo%3fbar: PATH_INFO="/foo" QUERY_STRING="bar"

(%0a is the regex’s fault in this case, since . doesn’t match newline by
default, but the problem doesn’t go away with a more careful regex like
(?s)\Apage/(.*)\z .)

I’ve seen some people recommend the [B] flag as a solution, so I tried that
too.  That comes with its own set of problems:

RewriteRule ^page/(.*)$ page.cgi/$1 [B]

page.cgi/foo%0abar: PATH_INFO="/foo\nbar"
page/foo%0abar: 404

page.cgi/foo%20bar: PATH_INFO="/foo bar"
page/foo%20bar: PATH_INFO="/foo+bar"

page.cgi/foo/bar: PATH_INFO="/foo/bar"
page/foo/bar: 404

I’m running apache2 2.4.7-1ubuntu1 on Ubuntu trusty amd64.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message