httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <>
Subject Re: [users@httpd] mod_autoindex and filenames containing "%"
Date Mon, 20 Oct 2003 05:24:24 GMT
Leif W:
> This seems like a bug to me.  Why does mod_autoindex care about what the
> filenames are?  And why does it bother tinkering with an unescape, munging
> "status" of a file's string, and swallow up something it deems unsafe?

As I understood the OP's conclusions, and from my own source examination,
mod_autoindex posts the request as a sub_request in order to get necessary
information about the file/directory. This one is expecting a URI, so of
course it unescapes it before further processing. As I see it, the "bug" in
mod_autoindex would be that it doesn't URI-escape the filename before
sending it to the sub_request function.

I think it is safe to file this as a bug, if it isn't already in the
database; I was also able to reproduce this incorrect behaviour on both
Linux and Windows.

Robert Andersson

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message