You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Brian Slesinsky <bs...@wired.com> on 1997/09/09 02:50:05 UTC

mod_rewrite/1103: mod_rewrite can't redirect URL's containing %2F

>Number:         1103
>Category:       mod_rewrite
>Synopsis:       mod_rewrite can't redirect URL's containing %2F
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Sep  8 17:50:01 1997
>Originator:     bslesins@wired.com
>Organization:
apache
>Release:        1.2.0
>Environment:
Solaris and Linux
>Description:
If there is a %2F (escaped '/') anwhere within a URL and it's redirected with
mod_rewrite, Apache will return an error instead of redirecting it.  This causes
problems when we try to redirect a GET form submission and one of the form
variables contains a pathname.

This is probably because mod_rewrite calls unescape_url(), which deliberately
croaks for %2F.
>How-To-Repeat:
Add this to a config file:
RewriteEngine On
RewriteRule ^/foo http://www.apache.org/ [R]

Try this URL:
http://localhost/foo%2F
>Fix:
Provide an alternative to unescape_url() that doesn't do anything special for
%2F.
%0
>Audit-Trail:
>Unformatted: