httpd-dev mailing list archives

From Martin Kraemer <Martin.Krae...@mch.sni.de>
Subject [PATCH] unescape_url() was called for proxy requests
Date Mon, 23 Mar 1998 14:42:31 GMT
In process_request_internal(), a check is made whether the URI contains
embedded %2F's, and if it does the request is immediately aborted with a
404 reply.

This breaks for, e.g., proxy requests which can legally contain %2F's
(and why should we care?). Example:

  GET http://www.novalis.fr/novalis-bin/rech_disqv?donnee_appel=NOVALIS&suite=&type=2&id=6009890655716&ld-titre=&ld-chanson=&ld-interprete=&ld-compositeur=magnard&ld-interprete=&ld-titre=&ld-support=&ld-genre=&go=Rechercher+%2F+Search
HTTP/1.0

The question is whether the %2F is important at all given the fact that
it is only part of the query arg, not part of the path. Perhaps the
unescape_url() call should be applied to r->parsed_uri.path instead (and
only if the request is not a proxy request) ?

What do you think?

    Martin
-- 
| S I E M E N S |  <Martin.Kraemer@mch.sni.de>  |      Siemens Nixdorf
| ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
| N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
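
The behaviour proposed in the message above, sketched as an added example that is not part of the original message and is not Apache's own code: the encoded-slash check runs on the path only, the query string is left undecoded, and proxy requests are skipped. The function names, the `is_proxy` flag, the status enum and the 400 result for malformed escapes are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Status values used by this example (404 matches the reply described above). */
enum { URI_OK = 0, URI_BAD_ESCAPE = 400, URI_ENCODED_SLASH = 404 };

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    return tolower((unsigned char)c) - 'a' + 10;
}

/* Decode %XX in place; refuse an encoded '/' or NUL. Buffer is unspecified on error. */
static int unescape_path(char *s)
{
    char *out = s;
    for (; *s; s++) {
        if (*s != '%') { *out++ = *s; continue; }
        if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
            return URI_BAD_ESCAPE;
        int c = hexval(s[1]) * 16 + hexval(s[2]);
        if (c == 0) return URI_BAD_ESCAPE;
        if (c == '/') return URI_ENCODED_SLASH;
        *out++ = (char)c;
        s += 2;
    }
    *out = '\0';
    return URI_OK;
}

/* Check only the path of a non-proxy request; the query string is never decoded. */
int check_request_uri(char *uri, int is_proxy)
{
    if (is_proxy) return URI_OK;          /* forwarded as received */
    char *q = strchr(uri, '?');
    if (q) *q = '\0';                     /* split path from query */
    int rc = unescape_path(uri);
    if (q) {                              /* re-attach the untouched query */
        size_t plen = strlen(uri);
        *q = '?';
        memmove(uri + plen, q, strlen(q) + 1);
    }
    return rc;
}

int main(void)
{
    char local[] = "/novalis-bin/rech_disqv?go=Rechercher+%2F+Search"; /* shortened from the request above */
    char bad[]   = "/docs%2Fprivate?x=1";                              /* constructed */
    printf("%d %d\n", check_request_uri(local, 0), check_request_uri(bad, 0));
    return 0;
}
```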
