From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: [Bug 49642] mod_rewrite mistakes encoded question mark as path/query string separator
Date: Sun, 09 Mar 2014 13:34:35 +0000
X-Bugzilla-Product: Apache httpd-2
X-Bugzilla-Component: mod_rewrite
X-Bugzilla-Version: 2.2.15
X-Bugzilla-Status: NEW

https://issues.apache.org/bugzilla/show_bug.cgi?id=49642

--- Comment #7 from Eric Covener ---
(In reply to Anders Kaseorg from comment #5)
> With this .htaccess file:
>
> RewriteEngine on
> RewriteRule ^page/(.*)$ /cgi-bin/page.cgi/$1
>
> a request for page/foo%23bar is rewritten to /cgi-bin/page.cgi/foo (the CGI
> script sees PATH_INFO=/foo), and a request for page/foo%3fbar is rewritten
> to /cgi-bin/page.cgi/foo?bar (the CGI script sees PATH_INFO=/foo and
> QUERY_STRING=bar).

I guess the cause is the same here, capturing and substituting the decoded
characters and 'B' being unsafe to use in a general purpose substitution (and
requiring per-directory rewrite to allow the re-encoded strings to be decoded
again by the core).

I haven't looked in detail, but I think in the case of %23 it's the core
splitting the URL later as opposed to mod_rewrite splitting the URL shortly
after the substitution -- so the solution might be different.

From a workaround perspective,

1) What I would normally suggest here is capturing against %{THE_REQUEST} to
deal exclusively with the client-encoded form of the request.
2) for the #, it would seem to be feasible to use [N] and replace #->&23 and
not pollute every capturing rule. This doesn't work for ? because the split
happens right away.

From a partial fix perspective,

Unfortunately I do not really see a full/acceptable or non opt-in fix at this
time

1) something like [B=#?] would allow a rule to be fine tuned a little better
_after_ finding a problem. I actually like this one as a general tool.
2) an option to split the query string on the right-most question-mark (this by
default would break a URL w/ a query passed in the query)
3) some option to remember that the ? was captured at the time we try to split
it.
Even this breaks captures against %{THE_REQUEST} in a rewritecond.
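
A simplified Python model of the `?` case discussed in the comment above, added here as an illustration; it is not code from httpd or from the bug report. The function names and the way the split is modelled are assumptions; the rule and the sample URLs are the ones quoted from comment #5. It does not model the `%23` case.

```python
import re
from urllib.parse import unquote

RULE = re.compile(r"^page/(.*)$")   # pattern from the quoted .htaccess
TARGET = "/cgi-bin/page.cgi/"       # substitution prefix from the same rule


def split_query(uri, rightmost=False):
    """Split a substituted URI into (path, query) at a literal '?'."""
    path, sep, query = uri.rpartition("?") if rightmost else uri.partition("?")
    return (path, query) if sep else (uri, "")


def rewrite_decoded(request_uri):
    """Reported behaviour: the capture is taken from the decoded path."""
    raw_path, _, client_query = request_uri.partition("?")
    m = RULE.match(unquote(raw_path).lstrip("/"))  # per-directory style match
    if m is None:
        return raw_path, client_query
    # The split runs on the substituted string, after decoding.
    path, query = split_query(TARGET + m.group(1))
    return path, query or client_query


def rewrite_raw(request_line):
    """Workaround 1: capture from the client-encoded request line instead."""
    m = re.match(r"^\S+ /page/([^?\s]*)(?:\?(\S*))?", request_line)
    if m is None:
        return None
    # %3f is still encoded here, so the split finds no literal '?'.
    path, _ = split_query(TARGET + m.group(1))
    return path, m.group(2) or ""


if __name__ == "__main__":
    print(rewrite_decoded("/page/foo%3fbar"))
    print(rewrite_raw("GET /page/foo%3fbar HTTP/1.1"))
    # Partial-fix idea 2: a right-most split keeps a captured '?' in the path
    # when the rule adds its own query, but mis-splits a query nested in a query.
    print(split_query("/cgi-bin/page.cgi/foo?bar?id=1", rightmost=True))
    print(split_query("/go?next=/a?b=1", rightmost=True))
```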