httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] mod_autoindex and filenames containing "%"
Date Tue, 21 Oct 2003 16:58:24 GMT
> ----- Original Message ----- 
> From: "Robert Andersson" <robert@profundis.nu>
> To: <users@httpd.apache.org>
> Sent: Monday, October 20, 2003 1:24 AM
> Subject: Re: [users@httpd] mod_autoindex and filenames containing "%"
>
> > Leif W:
> > This seems like a bug to me.
>
> I think it is safe to file this as a bug, if it isn't already in the
> database;

Done.  I modified an existing bug report.  It was a narrower scope
(directory name only), so I broaded it to include directory AND file names.
It was also only on Win2k/NT, so I changed the OS to ALL.  And finally, I
obviously changed the Apache version to the most current.  But the bug has
already been in the database over a year and never been assigned to anyone,
still marked as NEW.  Included a URL back to this thread for examples and
verified reproducibility.  Quoted your estimation of what might be the cause
of the bug.

> As I see it, the "bug" in mod_autoindex would be that it doesn't
> URI-escape the filename before sending it to the sub_request function.

Anyone feel like trying to hack the source?  This seems straightforward
enough for me to give it a shot.  Just, I can't seem to find (grep -niH
sub_request `find . -name "*.[ch]"`) a function named sub_request.  There's
a make_sub_request... but it doesn't seem related (all calls are in
request.c).

Just to be clear, please restate what IS happening, and what is SUPPOSED to
happen.  I'll look at which files need modifying, and which function(s).
I'm guessing it's just mod_autoindex.c somewhere in the index_directory
function, somewhere in this chunk of code:

                else {
                    pstring = apr_pstrndup(r->pool, qstring, eos - qstring);
-->                 if (ap_unescape_url(pstring) != OK) {
                        /* ignore the pattern, if it's bad. */
                        pstring = NULL;
                    }
                    else {
                        ppre = ";P=";
                        /* be correct */
                        epattern = ap_escape_uri(r->pool, pstring);
                    }
                }


Leif

P.S.  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13598



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message