You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by David Robinson <dr...@ast.cam.ac.uk> on 1995/11/07 11:52:00 UTC

Sloppy URLs (was Re: double slashes)

>  RST: THERE IS A BUG. Apache is NOT compatible with NCSA httpd in this
>  respect.
>
>No there is not --- NCSA 1.3 handles Alias comparisons the same way as
>the current 0.8.16 code --- by straight comparison with initial substrings.

Ooops; you are correct; I was wrong.

>The "ban //" hack is the one which *introduces* an incompatibility, which
>is the reason I am dead set to veto it.

Well, I still think the Apache (and NCSA) behaviour is pretty poor, and
that banning "//" would make it easier for users. Another example of lossage:

If you have a server-side include script which uses relative links,
then the client can get your script to include a different file.

e.g.
URL: /foo/bar/inc.shtml
<!--#include virtual="../somedoc.html"-->

If the client requests /foo/bar//inc.shtml, then
/foo/bar/somedoc.html is included, instead of /foo/somedoc.html

Apache 0.6.5 got this right.

If you don't like banning //, then how about issuing a redirect to the URL
without // ? (Until we can send a Base: header with HTTP/1.1)

  David.