httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject [BUG?] /cgi-bin/foo/bar%2fbaz
Date Sun, 06 Apr 1997 06:48:00 GMT
If foo is a script, and you try to access foo/bar/baz, it will run foo and
pass /bar/baz as PATH_INFO.  If you try to access foo/bar%2fbaz, it will
return NOT_FOUND because of unescape_url in util.c:

                if (url[x] == '/' || url[x] == '\0') badpath = 1;

Smells like a bug.  Once again (sigh) no time to look more deeply, would
appreciate if someone familiar with that area take a look...


Mime
View raw message