Posted to dev@httpd.apache.org by dean gaudet <de...@arctic.org> on 2001/02/17 12:24:09 UTC
escaping/unescaping nits
hey there,

i was relearning http parsing to verify the behaviour of another web
server, and found a small bug in apache's parsing. this fix needs to go
into 2.0.

i'm pretty sure there's also a need to unescape the scheme, but i didn't
try to fix that...

i was also thinking that ap_parse_uri_components should perhaps be
responsible for the unescaping of the uri hostname and scheme? not sure.
such a change might mean that unparse_uri would also need to know when to
escape strings. in fact i bet it really should -- such as if it has to
unparse a path containing a ? which should go to %3F or else it will form
a query string which it shouldn't.

anyhow i leave those other nits for someone else to clean up, sorry :)

-dean

p.s. the Hostname header doesn't go through ap_parse_uri_components and it
needs escaping too so maybe my fix in fix_hostname() is the best place
after all.
---------- Forwarded message ----------
Reply-To: new-httpd@apache.org
Date: 17 Feb 2001 11:17:48 -0000
From: dgaudet@apache.org
To: apache-1.3-cvs@apache.org
Subject: cvs commit: apache-1.3/src/main http_vhost.c
dgaudet 01/02/17 03:17:47
Modified: src CHANGES
src/main http_vhost.c
Log:
we have to unescape the hostname at some point... this seems to be the
easiest. (having just gone through all the parsing code again i'm
thinking it would have been nice to have all the parsing and validity
checks in one place.)
Revision Changes Path
1.1649 +3 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1648
retrieving revision 1.1649
diff -u -r1.1648 -r1.1649
--- CHANGES 2001/02/16 14:27:14 1.1648
+++ CHANGES 2001/02/17 11:17:40 1.1649
@@ -1,5 +1,8 @@
Changes with Apache 1.3.18
+ *) Escapes in hostnames such as www.%61rctic.org were not handled
+ properly. [Dean Gaudet]
+
*) PORT: Allow for build under latest dev. version of NonStopUX
on Compaq. [Tom Bates <to...@compaq.com>]
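Review bot: The new CHANGES entry says escapes in hostnames "were not handled properly" but does not say what the server does with them now. Suggest wording it in terms of the new behaviour, for example that the hostname is now unescaped in http_vhost.c before it is checked, and that a hostname which fails to unescape is treated as a bad request, so an administrator reading the changelog can tell how a name like www.%61rctic.org is handled after upgrading.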
1.26 +4 -0 apache-1.3/src/main/http_vhost.c
Index: http_vhost.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_vhost.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- http_vhost.c 2001/01/23 14:14:06 1.25
+++ http_vhost.c 2001/02/17 11:17:45 1.26
@@ -705,6 +705,10 @@
/* check and copy the host part */
src = r->hostname;
+ /* unescape the hostname first */
+ if (ap_unescape_url(src) != OK) {
+ goto bad;
+ }
dst = host;
while (*src) {
if (*src == '.') {
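Review bot: ap_unescape_url(src) is called with src still pointing at r->hostname, so the decode happens in place and r->hostname itself is rewritten for everything that reads it later in the request; the one-line comment should say that this is intended. Two further things to confirm around the added lines: first, that the character loop starting at "while (*src)" rejects every byte that can only appear after decoding and is not valid in a hostname, since only the '.' case is visible in this hunk; second, that sending every non-OK return from ap_unescape_url() to "bad" is the desired result, because a malformed escape and any other failure code the function returns are collapsed into the same error path here.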