Posted to cvs@httpd.apache.org by rj...@apache.org on 2013/05/21 21:33:52 UTC
svn commit: r1484915 - /httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c
Author: rjung
Date: Tue May 21 19:33:52 2013
New Revision: 1484915
URL: http://svn.apache.org/r1484915
Log:
Don't do double percent decoding.
msgID is part of path_info, which is already
percent decoded. Double decoding here can lead
to path traversal issues and similar problems.
Clients sending a double encoded msgID are in
error. It seems currently all pages generated by
mod_mbox itself only contain correct single encoded
links.
Modified:
httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c
Modified: httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c
URL: http://svn.apache.org/viewvc/httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c?rev=1484915&r1=1484914&r2=1484915&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c Tue May 21 19:33:52 2013
@@ -958,8 +958,6 @@ int mbox_raw_message(request_rec *r, apr
part++;
}
- ap_unescape_url(msgID);
-
/* Fetch message */
m = fetch_message(r, f, msgID);
if (!m) {
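Review bot: Nothing at the three call sites records that msgID is already percent-decoded, so a later maintainer could re-add the `ap_unescape_url(msgID)` call that this commit removes. I would add a short comment above `m = fetch_message(r, f, msgID);` here, for example `/* msgID is taken from r->path_info, which is already percent-decoded; do not decode it again. */`, and the same comment next to the msgID assignments in the mbox_static_message and mbox_xml_message hunks. fetch_message is defined outside these hunks, so whether it rejects a msgID containing path separators or `..` cannot be confirmed from here; that is worth checking, since the log names path traversal as the risk. The body of mbox_raw_message starts and ends outside the hunk.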
@@ -1123,7 +1121,6 @@ int mbox_static_message(request_rec *r,
baseURI = get_base_uri(r);
msgID = r->path_info + 1;
- ap_unescape_url(msgID);
/* msgID should be the part of the URI that Apache could not resolve
* on its own. Grab it and skip over the expected /. */
@@ -1241,7 +1238,6 @@ apr_status_t mbox_xml_message(request_re
/* Here, we skip 6 chars (/ajax/). */
msgID = r->path_info + 6;
- ap_unescape_url(msgID);
m = fetch_message(r, f, msgID);
if (!m) {