You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Marc Slemko <ma...@znep.com> on 1998/07/17 02:40:00 UTC
Re: protocol/2602: GET /cgi-bin/cginame%3Fparam=/path/filename does not replace %3f before searching cginame?param... (fwd)
The following reply was made to PR protocol/2602; it has been noted by GNATS.
From: Marc Slemko <ma...@znep.com>
To: Apache bugs database <ap...@apache.org>
Cc: Subject: Re: protocol/2602: GET /cgi-bin/cginame%3Fparam=/path/filename does not replace %3f before searching cginame?param... (fwd)
Date: Thu, 16 Jul 1998 17:26:55 -0700 (PDT)
---------- Forwarded message ----------
Date: Thu, 16 Jul 1998 18:15:01 +0300 (EET DST)
From: Super-User <ro...@s2.rnc.ro>
To: marc@hyperreal.org
Subject: Re: protocol/2602: GET /cgi-bin/cginame%3Fparam=/path/filename does not replace %3f before searching cginame?param...
>
> Synopsis: GET /cgi-bin/cginame%3Fparam=/path/filename does not replace %3f before searching cginame?param...
>
> State-Changed-From-To: open-closed
> State-Changed-By: marc
> State-Changed-When: Thu Jul 16 00:11:59 PDT 1998
> State-Changed-Why:
> The current behaviour is correct. As URL specs detail,
> '?' is a reserved character which are reserved for special
> meaning.
>
> For example, see section 2.2 of RFC-1738.
>
> You can _not_ encode all characters, and encoding a
> reserved character can and (in this case) does change
> the semantics of the particular URL.
O.K. could be.
Now what do you suggest I should use to make Windoze clients
download cgi results correctly (i.e. use the last part of the url
and NOT the cgi name) ?
Or any other solution to restrict access to files based on IP of the client
and NOT on passwords (those could be sniffed) ?
Or any means to hack the apache code to accept parsing of %3F in cgi's ?
Last but not least, would it hurt if this parsing of reserved characters
(at least '?') would be an option in the apache config file ?(although
I haven't met yet any cgi containing '?' in it's name)
I'd be very greatful if you could help me stop getting bugged by windozers
wanting to d/l restricted files.
(on my unix box, netscape does the downloads just o.k., it does not choke
on the question mark).
Andrei P