httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] mod_autoindex and filenames containing "%"
Date Mon, 20 Oct 2003 05:24:24 GMT
Leif W:
> This seems like a bug to me.  Why does mod_autoindex care about what the
> filenames are?  And why does it bother tinkering with an unescape, munging
the
> "status" of a file's string, and swallow up something it deems unsafe?

As I understood the OP's conclusions, and from my own source examination,
mod_autoindex posts the request as a sub_request in order to get necessary
information about the file/directory. This one is expecting a URI, so of
course it unescapes it before further processing. As I see it, the "bug" in
mod_autoindex would be that it doesn't URI-escape the filename before
sending it to the sub_request function.

I think it is safe to file this as a bug, if it isn't already in the
database; I was also able to reproduce this incorrect behaviour on both
Linux and Windows.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message