You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by dean gaudet <de...@arctic.org> on 2001/02/17 12:24:09 UTC

escaping/unescaping nits

hey there,

i was relearning http parsing to verify the behaviour of another web
server, and found a small bug in apache's parsing.  this fix needs to go
into 2.0.

i'm pretty sure there's also a need to unescape the scheme, but i didn't
try to fix that...

i was also thinking that ap_parse_uri_components should perhaps be
responsible for the unescaping of the uri hostname and scheme?  not sure.

such a change might mean that unparse_uri would also need to know when to
escape strings.  in fact i bet it really should -- such as if it has to
unparse a path containing a ? which should go to %3F or else it will form
a query string which it shouldn't.

anyhow i leave those other nits for someone else to clean up, sorry :)

-dean

p.s. the Hostname header doesn't go through ap_parse_uri_components and it
needs escaping too so maybe my fix in fix_hostname() is the best place
after all.

---------- Forwarded message ----------
Reply-To: new-httpd@apache.org
Date: 17 Feb 2001 11:17:48 -0000
From: dgaudet@apache.org
To: apache-1.3-cvs@apache.org
Subject: cvs commit: apache-1.3/src/main http_vhost.c

dgaudet     01/02/17 03:17:47

  Modified:    src      CHANGES
               src/main http_vhost.c
  Log:
  we have to unescape the hostname at some point... this seems to be the
  easiest.  (having just gone through all the parsing code again i'm
  thinking it would have been nice to have all the parsing and validity
  checks in one place.)

  Revision  Changes    Path
  1.1649    +3 -0      apache-1.3/src/CHANGES

  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1648
  retrieving revision 1.1649
  diff -u -r1.1648 -r1.1649
  --- CHANGES	2001/02/16 14:27:14	1.1648
  +++ CHANGES	2001/02/17 11:17:40	1.1649
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3.18

  +  *) Escapes in hostnames such as www.%61rctic.org were not handled
  +     properly.  [Dean Gaudet]
  +
     *) PORT: Allow for build under latest dev. version of NonStopUX
        on Compaq. [Tom Bates <to...@compaq.com>]




  1.26      +4 -0      apache-1.3/src/main/http_vhost.c

  Index: http_vhost.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/http_vhost.c,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- http_vhost.c	2001/01/23 14:14:06	1.25
  +++ http_vhost.c	2001/02/17 11:17:45	1.26
  @@ -705,6 +705,10 @@

       /* check and copy the host part */
       src = r->hostname;
  +    /* unescape the hostname first */
  +    if (ap_unescape_url(src) != OK) {
  +	goto bad;
  +    }
       dst = host;
       while (*src) {
   	if (*src == '.') {