You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Craig Miskell <cm...@albatross.co.nz> on 2001/05/15 02:19:45 UTC

mod_rewrite/7722: Passthrough rules don't uri-escape the arguments

>Number:         7722
>Category:       mod_rewrite
>Synopsis:       Passthrough rules don't uri-escape the arguments
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Mon May 14 17:20:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     cmiskell@albatross.co.nz
>Release:        1.3.20
>Organization:
apache
>Environment:
Using mod_rewrite and (at least) mod_WebObjects, the module from Apple that provides a module way to access WebObjects applications, rather than cgi
>Description:
Passthrough rules don't uri-escape the arguments, which is necessary for at least WebObjects module, and probably others.  
>How-To-Repeat:
Create a passthrough rule like
RewriteRule ^/Foo/bar/([a-zA-Z0-9\ ]+)$ /Otherfoo/otherbar?something=$1 [PT]
and when the $1 contains a space, any other handlers (at least Webobjects, I guess other ones as well) get confused because the URL has a space in it.
>Fix:
Here's my patch - it even honours the NE flag.  It doesn't change the escaping/non-escaping of the uri - that may also need to be added, in similar fashion to how it is done for Redirects. 
(diff is diff -C3 format as HPUX diff doesn't handle unified format, or I couldn't convince it to do so)

*** /tmp/mod_rewrite.c  Mon May 14 15:46:51 2001
--- src/modules/standard/mod_rewrite.c  Tue May 15 12:12:45 2001
***************
*** 1207,1212 ****
--- 1207,1221 ----
               * r->uri! The difference here is: We do not try to
               * add the document root
               */
+             /* Arguments to a passthrough may very well contain things
+              * that must be escaped.
+              * but don't do it if there the user has explicitly requested
+              * that we don't
+              */
+             if (rulestatus != ACTION_NOESCAPE) {
+                 cp2 = ap_escape_uri(r->pool, r->args);
+                 r->args = ap_pstrdup(r->pool, cp2);
+             }
              r->uri = ap_pstrdup(r->pool, r->filename+12);
              return DECLINED;
          }
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]