httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Sloppy URLs (was Re: double slashes)
Date Tue, 07 Nov 1995 10:52:00 GMT
>  RST: THERE IS A BUG. Apache is NOT compatible with NCSA httpd in this
>  respect.
>
>No there is not --- NCSA 1.3 handles Alias comparisons the same way as
>the current 0.8.16 code --- by straight comparison with initial substrings.

Ooops; you are correct; I was wrong.

>The "ban //" hack is the one which *introduces* an incompatibility, which
>is the reason I am dead set to veto it.

Well, I still think the Apache (and NCSA) behaviour is pretty poor, and
that banning "//" would make it easier for users. Another example of lossage:

If you have a server-side include script which uses relative links,
then the client can get your script to include a different file.

e.g.
URL: /foo/bar/inc.shtml
<!--#include virtual="../somedoc.html"-->

If the client requests /foo/bar//inc.shtml, then
/foo/bar/somedoc.html is included, instead of /foo/somedoc.html

Apache 0.6.5 got this right.

If you don't like banning //, then how about issuing a redirect to the URL
without // ? (Until we can send a Base: header with HTTP/1.1)

  David.

Mime
View raw message