httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Günther Gsenger <guenther.gsen...@gmail.com>
Subject svn commit: r573831
Date Mon, 22 Oct 2007 19:03:25 GMT
Hi,

sorry I can't reply directly to this thread  
http://mail-archives.apache.org/mod_mbox/httpd-dev/200709.mbox/%3c46E3BFE1.9050004@apache.org%3e
 
- i only (re)subscribed to this list today after I found the thread.

> +/*
> + * Escapes a uri in a similar way as php's urlencode does.
> + * Based on ap_os_escape_path in server/util.c
> + */
> +static char *escape_uri(apr_pool_t *p, const char *path) {
> +    char *copy = apr_palloc(p, 3 * strlen(path) + 3);
> +    const unsigned char *s = (const unsigned char *)path;
> +    unsigned char *d = (unsigned char *)copy;
> +    unsigned c;
> +
> +    while ((c = *s)) {
> +        if (apr_isalnum(c) || c == '_') {
> +            *d++ = c;
> +        }
> +        else if (c == ' ') {
> +            *d++ = '+';
> +        }
> +        else {
> +            d = c2x(c, '%', d);
> +        }
> +        ++s;
> +    }
> +    *d = '\0';
> +    return copy;
> +}
> +
Ruediger Pluem:
> Does it make sense to duplicate code? Shouldn't this be placed in util.c?
It most likely should. I placed it there because I thought the patch would  
get a higher acceptance if it just touched mod_rewrite.

> +                    /* escape the backreference */
> +                    char *tmp2, *tmp;
> +                    tmp = apr_palloc(pool, span + 1);
> +                    strncpy(tmp, bri->source + bri->regmatch[n].rm_so,  
> span);
Ruediger Pluem:
> How about using apr_pstrndup instead?
Yes, I was not aware of that function.


André Malo:
> This spreads another uri escaper copy around. Why can't we take 
> ap_escape_uri? Without deep digging: what's the difference?
>Also I don't like the ' ' => '+' transition, which should not be applied  
> forpaths. It's safer to translate that always to %20, I guess.
The main difference is this escaping of ' ' to '+'. The reason for this is  
that while ' ' gets encoded as %20 in paths, it gets encoded as '+' in  
query strings (afaik for historic reasons). Therefore, languages which  
interpret the query string (like PHP) might get confused if they receive a  
%20 in the query string (or at least that was my concern).


André Malo:
> By the way, I'm wondering why nobody picked up the suggested use of the 
> escape rewrite map (or I overread it).
I don't know if that works but I developed the patch because it can be  
used in a directory-context and the RewriteMap can't.

I've created another patch, hopefully you'll like it better.

Regards,
Guenther
Mime
View raw message