httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r1760444 - in /httpd/httpd/trunk: CHANGES server/gen_test_char.c
Date Mon, 12 Sep 2016 20:15:26 GMT
Author: wrowe
Date: Mon Sep 12 20:15:26 2016
New Revision: 1760444

URL: http://svn.apache.org/viewvc?rev=1760444&view=rev
Log:
Review of IE 11, Firefox 48 and Chrome 53 all indicate that ';' URI characters
are transmitted unencoded, per RFC3986 section 3.3 grammer. Correct httpd's
behavior to not encode ';' in proxied URI's or Location: response headers.


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/server/gen_test_char.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1760444&r1=1760443&r2=1760444&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Sep 12 20:15:26 2016
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) core: Permit unencoded ';' characters to appear in proxy requests and
+     Location: response headers. Corresponds to modern browser behavior.
+     [William Rowe]
+
   *) mpm_winnt: Prevent a denial of service when the 'data' AcceptFilter is in
      use by replacing it with the 'connect' filter. PR 59970. [Jacob Champion]
 

Modified: httpd/httpd/trunk/server/gen_test_char.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/gen_test_char.c?rev=1760444&r1=1760443&r2=1760444&view=diff
==============================================================================
--- httpd/httpd/trunk/server/gen_test_char.c (original)
+++ httpd/httpd/trunk/server/gen_test_char.c Mon Sep 12 20:15:26 2016
@@ -113,7 +113,7 @@ int main(int argc, char *argv[])
             flags |= T_ESCAPE_PATH_SEGMENT;
         }
 
-        if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c)) {
+        if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:;@&=/~", c)) {
             flags |= T_OS_ESCAPE_PATH;
         }
 



Mime
View raw message