www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Turner <sr...@cam.ac.uk>
Subject mod_log-any/6277: URL-escaping in logfile
Date Tue, 04 Jul 2000 16:14:50 GMT

>Number:         6277
>Category:       mod_log-any
>Synopsis:       URL-escaping in logfile
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul 04 09:20:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     sret1@cam.ac.uk
>Release:        1.3.*
>Organization:
apache
>Environment:
Any
>Description:
>From the docs:

"Note that there is no escaping performed on the strings from %r, %...i and %...o;
some with long memories may remember that I thought this was a bad idea, once upon a
time, and I'm still not comfortable with it, but it is difficult to see how to `do
the right thing' with all of `%..i', unless we URL-escape everything and break with CLF."

Is there any chance of reconsidering this? I agree that a general solution is difficult.
But I do think that some solution is now needed. It's becoming more and more common for
referrer query args in particular to include quotes. It really doesn't make for a
well-defined format for a field delimited with quotes to be allowed to include
quotes. Maybe at least filenames and referrers could be %nm-escaped? I'm not sure
that would really be breaking with CLF.

PS I am the author of analog.
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message