httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kraemer <>
Subject [PATCH] unescape_url() was called for proxy requests
Date Mon, 23 Mar 1998 14:42:31 GMT
In process_request_internal(), a check is made whether the URI contains
embedded %2F's, and if it does the request is immediately aborted with a
404 reply.

This breaks for, e.g., proxy requests which can legally contain %2F's
(and why should we care?). Example:


The question is whether the %2F's is important at all given the fact that
it is only part of the query arg, not part of the path. Perhaps the
unescape_url() call should be applied to r->parsed_uri.path instead (and
only if the request is not a proxy request) ?

What do you think?

| S I E M E N S |  <>  |      Siemens Nixdorf
| ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
| N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request

View raw message