You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by rj...@apache.org on 2013/05/21 21:33:52 UTC

svn commit: r1484915 - /httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c

Author: rjung
Date: Tue May 21 19:33:52 2013
New Revision: 1484915

URL: http://svn.apache.org/r1484915
Log:
Don't do double percent decoding.

msgID is part of path_info, which is already
percent decoded. Double decoding here can lead
to path traversal issues and similar problems.

Clients sending a double encoded msgID are in
error. It seems currently all pages generated by
mod_mbox itself only contain correct single encoded
links.

Modified:
    httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c

Modified: httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c
URL: http://svn.apache.org/viewvc/httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c?rev=1484915&r1=1484914&r2=1484915&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mod_mbox_out.c Tue May 21 19:33:52 2013
@@ -958,8 +958,6 @@ int mbox_raw_message(request_rec *r, apr
         part++;
     }
 
-    ap_unescape_url(msgID);
-
     /* Fetch message */
     m = fetch_message(r, f, msgID);
     if (!m) {
@@ -1123,7 +1121,6 @@ int mbox_static_message(request_rec *r, 
     baseURI = get_base_uri(r);
 
     msgID = r->path_info + 1;
-    ap_unescape_url(msgID);
 
     /* msgID should be the part of the URI that Apache could not resolve
      * on its own.  Grab it and skip over the expected /. */
@@ -1241,7 +1238,6 @@ apr_status_t mbox_xml_message(request_re
 
     /* Here, we skip 6 chars (/ajax/). */
     msgID = r->path_info + 6;
-    ap_unescape_url(msgID);
 
     m = fetch_message(r, f, msgID);
     if (!m) {