Received: by taz.hyperreal.com (8.6.12/8.6.5) id OAA05593; Fri, 14 Jun 1996 14:28:28 -0700
Received: from irene.pcug.co.uk by taz.hyperreal.com (8.6.12/8.6.5) with SMTP id OAA05584; Fri, 14 Jun 1996 14:28:24 -0700
Message-Id: <199606142128.OAA05584@taz.hyperreal.com>
Received: from us1.imdb.com by irene.pcug.co.uk id aa21747; 14 Jun 96 22:28 BST
Subject: Re: WWW Form Bug Report: "incorrect processing of percent-sign char encoding in URL" on SunOS 4.x
To: davis@cs.cornell.edu
Date: Fri, 14 Jun 1996 16:27:59 -0500 (CDT)
From: Rob Hartill
In-Reply-To: <199606142100.OAA02048@taz.hyperreal.com> from "davis@cs.cornell.edu" at Jun 14, 96 02:00:30 pm
Organization: Internet Movie Database http://us.imdb.com/
X-Mailer: ELM [version 2.4 PL24 ME8a]
Content-Type: text
Content-Length: 1368
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

Thanks for the info. Sounds like you have a valid point. I'll hand
it over to our HTTP/CGI gurus to investigate.

>Submitter: davis@cs.cornell.edu
>Operating system: SunOS 4.x, version:
>Version of Apache Used: 1.1b3
>Extra Modules used:
>URL exhibiting problem: http://www.ncstrl.org/~davis/apache-bug.html
>
>Symptoms:
>--
>Attempting to invoke a Script when the PATH_INFO has a
>slash encoded as a %2f fails to find the script.
>To demo the bug, try
>
>http://www.apache.org/cgi-bin/test-cgi/arg1/arg2%2farg3
>
>As far as I can tell, this should result in a PATH_INFO
>that is /arg1/arg2/arg3
>
>but instead gets an error.
>
>This bug is fatal for my application, NCSTRL
>(http://www.ncstrl.org), which is used at more than
>fifty universities in the US and Europe. We
>just had our first site try to install NCSTRL
>on Apache for the first time, and they found the bug
>
>If I am misunderstanding HTTP, please correct me
>
>
>This only seems to happen with a slash, so for example
>changing %2f to %2e works fine, generating a period.
>
>This bug does not exist in the CERN or NCSA servers.
>You can try http://willow.tc.cornell.edu:8080/cgi-bin/test-cgi
>to see for yourself.
>
>
>--
>
>Backtrace:
>--
>
>--

--
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb) http://www.imdb.com/
...more movie info than you can poke a stick at.
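
The three ways a server can treat the %2f in the report's demo URL, as an added example that is not part of the original message and is not Apache, CERN or NCSA code. The policy names and helper functions are assumptions made for illustration: "reject" models the error the report describes, "decode" models the PATH_INFO the submitter expects, and "preserve" keeps the encoded slash so the segment boundaries seen by the script match those seen when the URL was mapped.

```python
from urllib.parse import unquote

SCRIPT_PREFIX = "/cgi-bin/test-cgi"  # script name taken from the report's demo URL


class EncodedSlashRejected(Exception):
    """Raised by the 'reject' policy when the raw path contains %2F."""


def path_info(raw_path, policy):
    """Return PATH_INFO for raw_path under one of three %2F policies.

    'reject'   : refuse any path that contains an encoded slash
    'decode'   : decode everything, so %2F becomes a real separator
    'preserve' : decode everything except %2F, keeping the segment whole
    """
    rest = raw_path[len(SCRIPT_PREFIX):]
    if not raw_path.startswith(SCRIPT_PREFIX) or (rest and rest[0] != "/"):
        raise ValueError("path does not map to the script")
    if policy == "reject":
        if "%2f" in rest.lower():
            raise EncodedSlashRejected(raw_path)
        return unquote(rest)
    if policy == "decode":
        return unquote(rest)
    if policy == "preserve":
        # Split on literal slashes first, decode each segment on its own,
        # then re-encode any slash that decoding produced inside a segment.
        return "/".join(unquote(s).replace("/", "%2F") for s in rest.split("/"))
    raise ValueError("unknown policy: " + policy)


def segments(info):
    """Split PATH_INFO into the arguments a CGI script would see."""
    return [s for s in info.split("/") if s]


if __name__ == "__main__":
    demo = "/cgi-bin/test-cgi/arg1/arg2%2farg3"  # path from the report
    for policy in ("decode", "preserve", "reject"):
        try:
            info = path_info(demo, policy)
            print(policy, info, segments(info))
        except EncodedSlashRejected:
            print(policy, "request refused")
```

Under "decode" the script sees three arguments where the URL as sent had two path segments after the script name, which is the ambiguity at the centre of the report.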