httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Yet another URL-encoding bug
Date Fri, 13 Oct 1995 17:45:00 GMT
Yet another URL-encoding bug:
Redirect /wibble/ http://aserver/dir/

accessing http://myserver/wibble/heelo%25.html
generates a redirect to the Location: http://aserver/dir/heelo%.html

mod_alias.c was not re-escaping the incoming URL for the redirect.

I've uploaded 26_redirect2.0.8.14.patch to hyperreal.com in the
for_Apache_0.8.14 directory (for the lack of a better place).
This patch calls escape_uri to fix the problem.

I would rather use os_escape_path() to escape the URI, but unfortunately, that
would break on requests with a ':' - e.g.
http://myserver/wibble/hello:.html would return a Location: of
http://aserver/dir/./hello:.html

My preferred solution would be to change os_escape_path() so that it escapes
':' - that way it can be called on both relative and absolute paths.
I think that is much neater than having two routines.

I've also copied across the QNX port patch.

 David.

26_redirect2.0.8.14.patch:
  From: drtr@ast.cam.ac.uk (David Robinson)
  Subject: Fix handling of % in Redirect command
  Affects: mod_alias.c
  ChangeLog: Escape the URI before generating the redirect.

27_qnx.0.8.14.patch:
  Subject: QNX Port
  Affects: alloc.c conf.h http_main.c rfc931.c util.c Configuration
  Changelog: QNX Port
  Comments: This patch also removes some redundant headers (not gratuitously,
          they had to go on QNX anyway, and were already included in some other
          local header). It also adds a debugging convenience; SIGSEGV and
          SIGBUS are not caught when in debug mode (-X flag). This makes
          running under some debuggers better.


Mime
View raw message