httpd-users mailing list archives

From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Re: [OBORONA-SPAM] RE: [users@httpd] escaped input mod_rewrite
Date Tue, 02 Nov 2004 21:11:46 GMT
On Wed, 03 Nov 2004 00:02:43 +0300, Vadim N. Lyalikov
<vadim-lyalikov@yandex.ru> wrote:
> If I want, that user (baker) can himself add *any* wedding cake names he
> wants to database dynamically, e.g. set of 2 names:
> "My-/?slashed-cake/name%2F" and
> "My-/?slashed-cake%2Fname/",
> exactly these names, awful for apache people, but beautiful for my
> eccentric baker; with slashes, percent signs, interrogation sign ...
> Can I handle this situation with your scheme?

Have your app do its own encoding/escaping that replaces anything
dangerous.  Something like base-64 encoding or the like would probably
be easy and safe.

Yes, this sounds a little irritating, but as I said, you can't expect
to use arbitrary strings in the pathname. And getting rid of complex
escaping will make your life much easier with mod_rewrite.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
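
An added example, not part of the original message: one way an application could do the encoding suggested in the reply, using unpadded URL-safe base64 so that every name becomes a single path token of letters, digits, `-` and `_`. The choice of Python and all function names are assumptions; the two sample names are the ones from the quoted question.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# The two names from the quoted question.
NAMES = ["My-/?slashed-cake/name%2F", "My-/?slashed-cake%2Fname/"]

# Alphabet of unpadded URL-safe base64: nothing here is special in a URL path,
# so a rewrite pattern can match the whole token with one character class.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def collide_after_unescape(a: str, b: str) -> bool:
    """True if two distinct names become identical after one percent-decoding."""
    return a != b and unquote(a) == unquote(b)


def name_to_segment(name: str) -> str:
    """Encode an arbitrary name as a single URL path segment."""
    raw = name.encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def segment_to_name(segment: str) -> str:
    """Decode a path segment back to the name, rejecting malformed input."""
    if not TOKEN_RE.fullmatch(segment):
        raise ValueError("segment contains characters outside the token alphabet")
    padded = segment + "=" * (-len(segment) % 4)
    try:
        name = base64.urlsafe_b64decode(padded).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("segment is not a valid encoded name") from exc
    # Accept only the canonical spelling so each name has exactly one URL.
    if name_to_segment(name) != segment:
        raise ValueError("segment is not in canonical form")
    return name


if __name__ == "__main__":
    print("raw names collide:", collide_after_unescape(*NAMES))
    for n in NAMES:
        seg = name_to_segment(n)
        print(seg, "->", segment_to_name(seg))
```

Placed raw in a path, the two names are indistinguishable after a single round of percent-decoding; the encoded tokens stay distinct and decode back to the exact original strings.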

