httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: uploaded 37_tilde_ok.0.8.15.patch
Date Mon, 30 Oct 1995 09:59:43 GMT
> 
> One of the earlier releases that I didn't test on my server changed
> the handling of patch escapes such that all FancyIndex URL paths
> are escaped.  Unfortunately, Apache uses the "~" character for default
> user directory prefixes.  The result is that Apache 0.8.15 is changing
> the URL from /~user to /%7euser in a rather arbitrary fashion.

Huh? I can't find code that does this via mod_dir anywhere? As far as I can
see, mod_dir paths are always relative. How do I reproduce this problem?
Besides, is this the correct way to fix the problem? What if the file really
starts with a ~?

> This is bad, even though it may be considered as being RFC 1738 compliant,
> since we (the authors of the URL specs) are planning on including tilde
> in the allowed character set anyway the next time the specs are revised.

As mentioned above, what about the case when there is a real file starting
with ~? I know that this is a stupid thing to do, but the RFC doesn't require
the user to be sensible.

> 
> In any case, it is guaranteed to cause users to complain and muck up
> a browser's history file.
> 
> This is 37_tilde_ok.0.8.15.patch:
> 
> From: Roy Fielding <fielding@ics.uci.edu>
> Subject: Changes path escaping to allow the tilde "~" character in paths.
> Affects: util.c
> ChangeLog: Do not escape tilde "~" character during the creation of
>            FancyIndexes
> Comments: Yes, I know it isn't strictly according to RFC 1738, but that
>           document is overly restrictive (i.e., wrong) in that regard
>           and will be changed in the next revision.
> 
> *** util.c.dist	Tue Oct 10 15:10:23 1995
> --- util.c	Mon Oct 30 00:08:29 1995
> ***************
> *** 503,509 ****
>       for(x=0,y=0; segment[x]; x++,y++) {
>         char c=segment[x];
>         if((c < 'A' || c > 'Z') && (c < 'a' || c > 'z') &&
(c < '0' || c >'9')
> ! 	 && ind("$-_.+!*'(),:@&=",c) == -1)
>   	{
>   	  c2x(c,&copy[y]);
>   	  y+=2;
> --- 503,509 ----
>       for(x=0,y=0; segment[x]; x++,y++) {
>         char c=segment[x];
>         if((c < 'A' || c > 'Z') && (c < 'a' || c > 'z') &&
(c < '0' || c >'9')
> ! 	 && ind("$-_.+!*'(),:@&=~",c) == -1)
>   	{
>   	  c2x(c,&copy[y]);
>   	  y+=2;
> ***************
> *** 530,536 ****
>       {
>         char c=*path;
>         if((c < 'A' || c > 'Z') && (c < 'a' || c > 'z') &&
(c < '0' || c >'9')
> ! 	 && ind("$-_.+!*'(),:@&=/",c) == -1)
>   	{
>   	  c2x(c,s);
>   	  s+=3;
> --- 530,536 ----
>       {
>         char c=*path;
>         if((c < 'A' || c > 'Z') && (c < 'a' || c > 'z') &&
(c < '0' || c >'9')
> ! 	 && ind("$-_.+!*'(),:@&=/~",c) == -1)
>   	{
>   	  c2x(c,s);
>   	  s+=3;

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email: ben@algroup.co.uk
A.L. Digital Ltd,
London, England.

Mime
View raw message