www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Van Essen" <vanes...@maroon.tc.umn.edu>
Subject Re: general/284: GET request with trailing ".." needs a REDIRECT
Date Sun, 30 Mar 1997 07:29:30 GMT
On Sat, 29 Mar 1997, Dean Gaudet <dgaudet@arctic.org> wrote:

>I would tend to be of the opposite opinion.  This is a client fault and if
>we work around it on our end then it becomes part of the protocol, and
>future clients may abuse it.  I'm sure someone else will correct me if I'm
>wrong, but I'm pretty sure that clients are required to parse .. on their
>end. 

I did say (indirectly) that, indeed, it *is* the client's fault:

} This came to light because a spider/robot program named Teleport Pro
} incorrectly sends a GET request with a URI that ends in a ".." when it
  ^^^^^^^^^^^

I've had at least 4 instances of this already - with more to come, no doubt.

The getparents routine already deals with trailing ".." (see below),
so it's already part of the protocol.  I'm just asking for the redirection.

I've figured out a very simple fix.  getparents() in util.c has this:

    /* d) remove trailing xx/.. segment. */
    if (l == 2 && name[0] == '.' && name[1] == '.') name[0] = '\0';
    else if (l > 2 && name[l-1] == '.' && name[l-2] == '.' && name[l-3]
== '/')
    {
        l = l - 4;
        if (l >= 0)
        {
            while (l >= 0 && name[l] != '/') l--;
            l++;
        }
        else l = 0;
        name[l] = '\0';
    }


Change      l++;
to          if (l <= 0) l++;     /* Keep "/" only if at BOL */

and the missing "/" (which was also missing on the original URI,
I might add) will trigger the redirection in handle_dir().

Maybe I'll try this out.  After all, it only affects processing for
URI's that we shouldn't even be getting, right?  ;)

        John Van Essen   <vanes002@tc.umn.edu>   <jve@gamers.org>


Mime
View raw message