www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Skip Montanaro <s...@calendar.com>
Subject general/2389: Problem when %2f appears in PATH_INFO
Date Tue, 09 Jun 1998 10:22:22 GMT

>Number:         2389
>Category:       general
>Synopsis:       Problem when %2f appears in PATH_INFO
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jun  9 03:30:00 PDT 1998
>Last-Modified:
>Originator:     skip@calendar.com
>Organization:
apache
>Release:        1.3.0
>Environment:
Red Hat Linux 5.0, gcc 2.7.2.3, Linux dt09q1n8c 2.0.32 #5 Thu Apr 30 23:01:52 EDT 1998 i586
unknown
>Description:
I was trying to work around a possible Internet Explorer bug, and noticed that
URLs of the form

    http://host/cgi-bin/script/http%3a%2f%2fotherhost/...

don't work.  I was purposely encoding / as %2f (which I think ought to be valid)
to try and avoid what appears to be the removal of // or at least collapse of //
to / by MSIE.

>How-To-Repeat:
The following CGI script demonstrates the problem:

#!/bin/sh

echo "Content-type: text/plain"
echo ""
echo "PATH_INFO: $PATH_INFO"

When invoked as (for example):

http://yourhost/cgi-bin/rdir/http%3a%2f%2fwww.apache.org/

the response seen in Netscape is

Not Found

The requested URL /cgi-bin/rdir/http://www.apache.org/ was not found on this server.

If you invoke it as

http://yourhost/cgi-bin/rdir/http%3a//www.apache.org/

it works fine.
>Fix:
Unfortunately, no.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]




Mime
View raw message