www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Barklund@hyperreal.org, Jonas <jo...@csd.uu.se>
Subject mod_log-any/1670: Double quotes in HTTP request line bungle common log
Date Wed, 14 Jan 1998 14:32:25 GMT

>Number:         1670
>Category:       mod_log-any
>Synopsis:       Double quotes in HTTP request line bungle common log
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Jan 14 06:40:00 PST 1998
>Originator:     jonas@csd.uu.se
>Release:        1.2.5
SunOS 5.5.1, SUN SparcServer 20
(This is related to PR 1598.)
In the Common Log Format, the HTTP request line
is the fifth field and enclosed in double quotes.  Here is the request line
of a recent log entry from our server:

"GET /"d49her/calvin/jumpstation.html HTTP/1.0"

(Note how the user has entered a double quote instead of a squiggle.)
In order to make it possible to parse a line in the
log (with reasonable convenience), double quotes appearing in the request
line ought to be protected so they do not appear to finish the request
line field.
Submit a request containing a double quote in the local part.
When writing the request line to the log (between double quotes),
replace " with \", \ with \\ and newline with \n (the usual C style
conventions).  Typical request lines do not include any of ", \ or newline
and will not be affected by this, but bogus requests will no longer mess up
the log
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]

View raw message