httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: # in file names...
Date Wed, 04 Oct 1995 13:41:16 GMT
> > > I missed off / from the list of acceptable characters, BTW.
> > > Remove & from the list if you like; but don't document this routine as
> > > somehow being a 'general URI encoding routine'.
> > 
> > OK, I've read the RFC a bit more carefully (blush). I see where you got your
> > list from, and I agree with the list, or at least this version of it:
> > 
> > A-Za-z0-9$-_.+!*'(),:@&=
> > 
> > However, we should either escape : or put ./ on the front (one less
> > character).
> Escaping : may be more broswer-safe, and it's a change local to a segment
> instead of global to the path.


> > I would suggest that the routine should be called escape_rfc1808_segment,
> > which makes it pretty clear what it is doing (at least to anyone with RFC1808
> > to hand). If everyone (who cares) is happy with this, I'll redo the patch,
> > again. Note that the routine _will_ escape /, to escape a path with
> > directories in, each segment will have to be individually escaped (I suggest
> > this method for better OS independence. / cannot appear in a filename under
> > Unix, but it certainly can on a Mac, and probably also on Win95). This will
> > not be a problem with the current use of the routine.
> Oerr, Apache on the Mac!

I didn't say I was going to do it, but it would be nice to know it was

> If you write escape_rfc1808_segment (or escape_path_segment as I would call it,
> with a reference to rfc1808 in the comments) then you will also need an
> escape_rfc1808_path (or escape_path) which splits up a path into
> segments, escapes each segment, and concatenates the segments again.
> For Apache at present this is, of course, equivalent to escape_rfc1808_segment,
> but allowing '/' unescaped.
> The call to escape_uri in mod_dir.c will become a call to
> escape_rfc1808_segment, and the other calls will become calls to
> escape_rfc1808_path. Of course, under UNIX mod_dir.c could equally well
> call escape_rfc1808_path.
> Note that it will take a significant amount of change to apache to work with
> an OS that allows '/' in filenames, as it already uses / for the segment
> separator. And does MacOS allow NULL characters in filenames?

I don't know if it allows NULs, but I doubt it, even Apple use C! Of course,
if my memory serves me, it uses ':' as a path separator. Perhaps these two
routines should be part of the (as yet nonexistent) OS support module, and
be called, respectively: os_convert_os_path_segment_to_url, and
os_convert_os_path_to_url, taking as input a raw OS segment/path, and giving a
converted and escaped URL segment/path (so on a Mac : would have been converted
to /, PC would have \ converted to / [though often the compiler libraries do
this anyway]). The inverse functions would also be needed.

> Also, the current CGI spec does not support / in path segments;
> for the URL http://host/cgi-bin/script/extra%2fdata
> the extra path segment cannot be passed to the script, as it would be
> decoded beforehand.

OK, so who fixes the CGI spec?   :-)

>  David.



Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email:
A.L. Digital Ltd,
London, England.

View raw message