httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 61388] unescaped %0A (\n) within a RewriteMap prg: result can show other users requested sites
Date Mon, 07 Aug 2017 16:26:44 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61388

--- Comment #2 from tom.tao@protonmail.com ---
We use httpd.x86_64 (2.4.6-45.el7).

The rewritemap prg gets the raw query, unescapes it and prints (because of the
now unescaped %0A (newline)) 2 lines to stdout. This results in the following
behaviour:

User A requests file X and gets file X.
User B requests file Y and gets file Y
User A requests file Z%0Aanything.
>From now on the results User A and User B are receiving are random.
User A requests file X and gets file X or file Y or 404.
User B requests file X and gets file X or file Y or 404.
...
httpd -k graceful ...
everything's ok again.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message