Received: by taz.hyperreal.com (8.6.12/8.6.5) id CAA17970; Wed, 4 Oct 1995 02:30:18 -0700 Received: from arachnet.algroup.co.uk by taz.hyperreal.com (8.6.12/8.6.5) with SMTP id CAA17925; Wed, 4 Oct 1995 02:29:22 -0700 Received: from heap.ben.algroup.co.uk by arachnet.algroup.co.uk id aa28753; 4 Oct 95 10:28 BST Received: from gonzo.ben.algroup.co.uk by heap.ben.algroup.co.uk id aa13939; 4 Oct 95 10:30 BST Subject: Re: # in file names... To: new-httpd@hyperreal.com Date: Wed, 4 Oct 1995 09:54:25 +0100 (BST) From: Ben Laurie In-Reply-To: from "David Robinson" at Oct 3, 95 11:11:00 am X-Mailer: ELM [version 2.4 PL24 PGP2] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1673 Message-ID: <9510040954.aa07866@gonzo.ben.algroup.co.uk> Sender: owner-new-httpd@apache.org Precedence: bulk Reply-To: new-httpd@apache.org > > > Maybe so, however, I see no reason to leave these characters unescaped. It > > only improves the system ever so slightly, and may break later when Apache > > supports new semantics. > > Which is exactly why I think that unescape_uri should be quite specific > to http paths. Any other behaviour is pretty much guaranteed to be wrong > for other semantics; it's hopeless to try and second guess future > developments. > > I missed off / from the list of acceptable characters, BTW. > Remove & from the list if you like; but don't document this routine as > somehow being a 'general URI encoding routine'. OK, I've read the RFC a bit more carefully (blush). I see where you got your list from, and I agree with the list, or at least this version of it: A-Za-z0-9$-_.+!*'(),:@&= However, we should either escape : or put ./ on the front (one less character). I would suggest that the routine should be called escape_rfc1808_segment, which makes it pretty clear what it is doing (at least to anyone with RFC1808 to hand). If everyone (who cares) is happy with this, I'll redo the patch, again. Note that the routine _will_ escape /, to escape a path with directories in, each segment will have to be individually escaped (I suggest this method for better OS independence. / cannot appear in a filename under Unix, but it certainly can on a Mac, and probably also on Win95). This will not be a problem with the current use of the routine. > David. Cheers, Ben. -- Ben Laurie Phone: +44 (181) 994 6435 Freelance Consultant Fax: +44 (181) 994 6472 and Technical Director Email: ben@algroup.co.uk A.L. Digital Ltd, London, England.