Return-Path: 
 <cvs-return-47340-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-cvs-archive@www.apache.org
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 07552D86B
	for <apmail-httpd-cvs-archive@www.apache.org>;
 Tue, 21 May 2013 19:34:20 +0000 (UTC)
Received: (qmail 12140 invoked by uid 500); 21 May 2013 19:34:16 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 11994 invoked by uid 500); 21 May 2013 19:34:16 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 10216 invoked by uid 99); 21 May 2013 19:34:13 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 May 2013 19:34:13 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 May 2013 19:34:12 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id A12C22388906;
	Tue, 21 May 2013 19:33:52 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1484915 -
 /httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c
Date: Tue, 21 May 2013 19:33:52 -0000
To: cvs@httpd.apache.org
From: rjung@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20130521193352.A12C22388906@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: rjung
Date: Tue May 21 19:33:52 2013
New Revision: 1484915

URL: http://svn.apache.org/r1484915
Log:
Don't do double percent decoding.

msgID is part of path_info, which is already
percent decoded. Double decoding here can lead
to path traversal issues and similar problems.

Clients sending a double encoded msgID are in
error. It seems currently all pages generated by
mod_mbox itself only contain correct single encoded
links.

Modified:
    httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c

Modified: httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c
URL: http://svn.apache.org/viewvc/httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c?rev=1484915&r1=1484914&r2=1484915&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c Tue May 21 19:33:52 2013
@@ -958,8 +958,6 @@ int mbox_raw_message(request_rec *r, apr
         part++;
     }
 
-    ap_unescape_url(msgID);
-
     /* Fetch message */
     m = fetch_message(r, f, msgID);
     if (!m) {
@@ -1123,7 +1121,6 @@ int mbox_static_message(request_rec *r, 
     baseURI = get_base_uri(r);
 
     msgID = r->path_info + 1;
-    ap_unescape_url(msgID);
 
     /* msgID should be the part of the URI that Apache could not resolve
      * on its own.  Grab it and skip over the expected /. */
@@ -1241,7 +1238,6 @@ apr_status_t mbox_xml_message(request_re
 
     /* Here, we skip 6 chars (/ajax/). */
     msgID = r->path_info + 6;
-    ap_unescape_url(msgID);
 
     m = fetch_message(r, f, msgID);
     if (!m) {