You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ruediger Pluem <rp...@apache.org> on 2023/04/12 06:51:44 UTC

Re: svn commit: r1909073 - in /httpd/httpd/trunk/docs/manual: mod/mod_rewrite.xml rewrite/flags.xml


On 4/11/23 11:36 PM, covener@apache.org wrote:
> Author: covener
> Date: Tue Apr 11 21:36:55 2023
> New Revision: 1909073
> 
> URL: http://svn.apache.org/viewvc?rev=1909073&view=rev
> Log:
> PR66563: escaping of url releated server vars
> 
> Modified:
>     httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
>     httpd/httpd/trunk/docs/manual/rewrite/flags.xml
> 
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml?rev=1909073&r1=1909072&r2=1909073&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml Tue Apr 11 21:36:55 2023
> @@ -661,7 +661,11 @@ AliasMatch "^/myapp" "/opt/myapp-1.2.3"
>                    <dd>The path component of the requested URI,
>                    such as "/index.html".  This notably excludes the
>                    query string which is available as its own variable
> -                  named <code>QUERY_STRING</code>.</dd>
> +                  named <code>QUERY_STRING</code>. The value returned for
> +                  both <code>REQUEST_URI</code> and <code>QUERY_STRING</code>

Are you sure that QUERY_STRING is decoded? IMHO QUERY_STRING returns r->args which is not decoded.

> +                  has already been %-decoded, to re-encoded it pass it through
> +                  the "escape" <a href="#mapfunc">mapping-function</a>.
> +                  </dd>
>  
>                    <dt><code>THE_REQUEST</code></dt>
>  

Regards

Rüdiger

Re: svn commit: r1909073 - in /httpd/httpd/trunk/docs/manual: mod/mod_rewrite.xml rewrite/flags.xml

Posted by Eric Covener <co...@gmail.com>.

On Wed, Apr 12, 2023 at 2:52 AM Ruediger Pluem <rp...@apache.org> wrote:
>
>
>
> On 4/11/23 11:36 PM, covener@apache.org wrote:
> > Author: covener
> > Date: Tue Apr 11 21:36:55 2023
> > New Revision: 1909073
> >
> > URL: http://svn.apache.org/viewvc?rev=1909073&view=rev
> > Log:
> > PR66563: escaping of url releated server vars
> >
> > Modified:
> >     httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
> >     httpd/httpd/trunk/docs/manual/rewrite/flags.xml
> >
> > Modified: httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
> > URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml?rev=1909073&r1=1909072&r2=1909073&view=diff
> > ==============================================================================
> > --- httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml (original)
> > +++ httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml Tue Apr 11 21:36:55 2023
> > @@ -661,7 +661,11 @@ AliasMatch "^/myapp" "/opt/myapp-1.2.3"
> >                    <dd>The path component of the requested URI,
> >                    such as "/index.html".  This notably excludes the
> >                    query string which is available as its own variable
> > -                  named <code>QUERY_STRING</code>.</dd>
> > +                  named <code>QUERY_STRING</code>. The value returned for
> > +                  both <code>REQUEST_URI</code> and <code>QUERY_STRING</code>
>
> Are you sure that QUERY_STRING is decoded? IMHO QUERY_STRING returns r->args which is not decoded.

You are right! Thanks.