httpd-dev mailing list archives

From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: escape_uri bug fix never applied
Date Sun, 01 Dec 1996 22:13:24 GMT
Brian Behlendorf wrote:
> 
> On Sun, 1 Dec 1996, Rob Hartill wrote:
> > Randy Terbush wrote:
> > 
> > 
> > >I guess we are still on hold waiting for commitment of a couple of patches.
> > >What else are we waiting on Rob?
> > 
> > Roy has 1 uncommitted (AFAIK) patch that nuked escape_uri (replaced by a
> > #define). It has Roy and my vote.
> 
> I have my doubts; the logic was
> 
> (Ben Laurie wrote:)
> > OK. The main reasons were that path escaping was platform dependent, at least
> > in theory, and that escape_uri() was broken.
> 
> (Roy Fielding wrote:)
> > crikey, then escape_uri() should have been removed and replaced with
> > a #define macro for os_escape_path.  I'll do that.
> 
> Huh?  Escaping to make something safe to the OS command line and escaping to
> make safe for URL embedding seem like two separate actions, which may have the
> same algorithm or may not.  Why collapse them?  

Errr ... escape_shell_cmd() is the one that does command lines. And it has a
completely different algorithm.

os_escape_path() was originally written as a replacement for escape_uri(). It
wasn't used globally in the first place, because it lacked the "partial"
argument. I fixed that a long time ago, but didn't follow up with escape_uri()
removal.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author
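
The distinction drawn in this message, that escaping a path for a URL and escaping a string for a command line are different algorithms, shown as an added example; this is not code from the thread or from Apache. The function names, the shell metacharacter set and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Apache's code): percent-encode a path for a URL.
 * Keeps alphanumerics, "-._~" and '/'. Returns -1 if out is too small. */
int demo_escape_uri_path(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (isalnum(c) || strchr("-._~/", c)) {
            if (o + 1 >= outsz) return -1;
            out[o++] = (char)c;
        } else {
            if (o + 3 >= outsz) return -1;
            out[o++] = '%';
            out[o++] = hex[c >> 4]; out[o++] = hex[c & 15];
        }
    }
    out[o] = '\0';
    return 0;
}

/* Hypothetical helper: backslash-prefix a sample set of shell metacharacters. */
int demo_escape_shell(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", *in)) {
            if (o + 2 >= outsz) return -1;
            out[o++] = '\\';
        } else if (o + 1 >= outsz) return -1;
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    const char *name = "docs/a b;c?.html";   /* constructed sample input */
    char u[64], s[64];
    if (demo_escape_uri_path(name, u, sizeof u) == 0) printf("uri:   %s\n", u);
    if (demo_escape_shell(name, s, sizeof s) == 0) printf("shell: %s\n", s);
    return 0;
}
```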
