httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: no2slash - apache 0.8.2
Date Mon, 24 Jul 1995 18:08:00 GMT
>util.c's no2slash() pounds on r->uri and removes '/' characters
>according to some arcane, ancient and possibly pagan law.

no2slash() is attempt to work round a 'feature' of the UNIX filesystem,
namely that it ignores null path components. The correct solution is to
'fix' the inteface to the filesystem; i.e. reject with 404 Not Found
any URL which maps to a filename containing '//'. I think this needs to
be done in directory_walk().

In the same way, translated path components containing '/' or NULL should
be rejected, as these are the only two characters not permitted in a
unix directory entry.

>I can put anything in the QUERY_STRING:
>   http://localhost/cgi-bin/my-prog?HTTP_REFERER=http://somewhere.com/
>
>but I can't use PATH_INFO in the same way:
>
>   http://localhost/cgi-bin/my-prog/HTTP_REFERER=http://somewhere.com/

This isn't really an appropriate use of PATH_INFO, which is for a slash-
separated heirachical structure. It's not for 'parameters', but for
'sub-resources' of your CGI script. 

 David.

Mime
View raw message