www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <m...@hyperreal.org>
Subject Re: config/859: space in URL garbles script environment vars
Date Sat, 12 Jul 1997 18:39:00 GMT
Synopsis: space in URL garbles script environment vars

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Sat Jul 12 11:38:59 PDT 1997
I have already responded to your post on the newsgroup.

If the client makes a request such as:

     GET /ab cd.html HTTP/1.0

then Apache is perfectly justified in treating that as
a request for /ab with a protocol of cd.html with some
crap on the end or a protocol of "cd.html HTTP/1.0".
Any spaces in URLs must be % escaped or else it is completely

Apache is giving your ErrorDocument script what it gets.  If
the client doesn't follow the rules and escape things properly,
then it is completely impossible to guess what it wants; you
will be wrong some of the time no matter how you guess.

The "right thing" is not known anywhere in Apache; when it logs
it in the access log, it logs the document (/ab) and protocol
(cd.html HTTP/1.0).  There is no reason to think this has any security implications.

View raw message