httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leslie R. Lait" <lrl...@ertel.gsfc.nasa.gov>
Subject [users@httpd] mod_autoindex and filenames containing "%"
Date Wed, 15 Oct 2003 22:22:51 GMT


I'm having problems using mod_autoindex to provide directory listings 
of collections of data files that follow a certain local file naming
convention.

The autoindex module in Apache 2.0.47 seems to ignore certain 
files which contain percent signs ("%") in the filename.  The problem
appears to be that the server is interpreting those filename
percents as the beginning of hex escape sequences.

Symptoms:
  Set up a directory somewhere under the server document root 
  with the following files:
      test00
      test01%w
      test02%0
      test03%00
      test04%25
      test05%26
      test06%10
      test07%01
  The web server has autoindexing enabled, of course.  The problem
  appears to be independent of whether various indexing options
  are enabled or disabled.  The symptoms appear when running
  under IRIX and Linux, and from the code this looks like an
  architecture-independent issue.
  
  An attempt to GET the directory will yield a directory listing
  that contains only:
      test00
      test04%25
      test05%26
      test06%10
      test07%01

   Filenames which have a valid hex escape sequence are listed
   correctly; "test05%26" appears as "test05%26" and not "test05&".
   But filenames which contain a "%" character followed by an
   invalid hex number are rejected and consequently ignored.
   "test03%00" also fails, apparently because the "%00" gets 
   unescaped to the null character.

After looking at the server source code and testing execution paths, 
this is what I have found:
     
   The index_directory() function in mod_autoindex.c examines and 
   assembles a list of the directory entries.  To be entered into 
   that list, the ap_process_request_internal() function---called 
   by way of make_autoindex_entry()---must return an "OK" status.  
   
   But one of the first things that ap_process_request_internal()
   does is pass the request URI through the ap_unescape_url() function
   to unescape any "%hh" sequences in the string.  This does not
   work so well when "%" characters are actually in the filenames
   being examined.  

Has anyone else encountered this problem?  Is this a known issue?
   
-- 
----------------------------------| 
Leslie Robert Lait                | 
An SSAI employee                  |
lrlait@code916.gsfc.nasa.gov      |

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message