Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1996/06/14 23:27:59 UTC

Re: WWW Form Bug Report: "incorrect processing of percent-sign char encoding in URL" on SunOS 4.x

Thanks for the info. Sounds like you have a valid point. I'll
hand it over to our HTTP/CGI gurus to investigate.


>Submitter: davis@cs.cornell.edu
>Operating system: SunOS 4.x, version: 
>Version of Apache Used: 1.1b3
>Extra Modules used: 
>URL exhibiting problem: http://www.ncstrl.org/~davis/apache-bug.html
>
>Symptoms:
>--
>Attempting to invoke a Script when the PATH_INFO has a
>slash encoded as a %2f fails to find the script.
>To demo the bug, try
>
>http://www.apache.org/cgi-bin/test-cgi/arg1/arg2%2farg3
>
>As far as I can tell, this should result in a PATH_INFO
>that is /arg1/arg2/arg3
>
>but instead gets an error.
>
>This bug is fatal for my application, NCSTRL
>(http://www.ncstrl.org), which is used at more than
>fifty universities in the US and Europe.  We
>just had our first site try to install NCSTRL
>on Apache for the first time, and they found the bug.
>
>If I am misunderstanding HTTP, please correct me.
>
>
>This only seems to happen with a slash, so for example
>changing %2f to %2e works fine, generating a period.
>
>This bug does not exist in the CERN or NCSA servers.
>You can try http://willow.tc.cornell.edu:8080/cgi-bin/test-cgi
>to see for yourself.
>
>
>--
>
>Backtrace:
>--
>
>--

-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.
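
The pattern in the report, where %2e decodes but %2f produces an error, is what a path decoder does when it refuses an encoded separator instead of decoding it. A sketch of such a decoder follows, added here as an illustration and not taken from Apache's source; `decode_path`, its `allow_encoded_slash` flag and the result codes are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch. */
enum { DECODE_OK = 0, DECODE_BAD_ESCAPE = 1, DECODE_ENCODED_SLASH = 2 };

static int hexval(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    c = (unsigned char)tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/*
 * Percent-decode `path` in place. Malformed escapes and %00 are rejected.
 * With allow_encoded_slash == 0, %2f / %2F is rejected too, so a client
 * cannot introduce a path separator that was not visible when the URL was
 * split into script name and PATH_INFO. With the flag set it decodes to '/'.
 * On any error the buffer contents are unspecified.
 */
int decode_path(char *path, int allow_encoded_slash)
{
    char *in = path, *out = path;

    while (*in) {
        if (*in != '%') { *out++ = *in++; continue; }
        int hi = hexval((unsigned char)in[1]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)in[2]);
        if (hi < 0 || lo < 0) return DECODE_BAD_ESCAPE;
        int ch = hi * 16 + lo;
        if (ch == 0) return DECODE_BAD_ESCAPE;
        if (ch == '/' && !allow_encoded_slash) return DECODE_ENCODED_SLASH;
        *out++ = (char)ch;
        in += 3;
    }
    *out = '\0';
    return DECODE_OK;
}

int main(void)
{
    char strict[] = "/arg1/arg2%2farg3";   /* path from the report */
    char lenient[] = "/arg1/arg2%2farg3";
    printf("strict:  %d\n", decode_path(strict, 0));
    printf("lenient: %d %s\n", decode_path(lenient, 1), lenient);
    return 0;
}
```

A handler that receives the leniently decoded string can no longer tell whether `arg2/arg3` was one segment or two, which is the trade-off between the two modes.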