httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: Broken URI-unescaping
Date Thu, 13 Sep 2007 14:07:42 GMT
On Sun, 9 Sep 2007 01:21:29 +0100
Nick Kew <nick@webthing.com> wrote:

> PR 41798 and many related ones (eg 39746, 38980 - both of which I've
> closed today) show a history of incorrect URL-unescaping in mod_proxy.

Since then I've found several more duplicates in bugzilla.
Furthermore, it's not limited to mod_proxy, as evidenced by
PR#35256 (which I was on the point of entering anew when I
found it).  The simple patch to 35256 fixes the specific
instance of un-breaking AllowEncodedSlashes, but what proxy
could use is to be able to generalise that: maybe
AllowEncodedChars [whatever].

There's a related class of issues concerning URLs and charset,
in PR#18805 and PR#32730.  This could probably be hacked around
by pre-processing URLs in a post_read_request hook, but it would
seem cleaner to tackle it when we run ap_unescape_url.

I wonder if there's a case for an unescape_url hook, or for the 
existing unescape_url to be punted to a post_read_request function?

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Mime
View raw message