You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Ryan Stille <rp...@willconsult.com> on 2003/10/13 22:14:59 UTC

[users@httpd] apache is replacing & with & in redirect urls ?

I am having some problems on a ColdFusion site we have.  I see errors in the error log because people are requesting URLs that have &amp; instead of a real '&' in them.  For example, this url causes the app to crash:

/index.cfm?cat=62&amp;subcatid=77&amp;artid=2465

Some of these may be happening at the application level or from cut & paste on client machines that mangle the URL.  But here is a transcript of me telneting to port 80 and requesting a script that results in a redirect.  See how apache is putting &amp; in the link?  Why is that?

-Ryan


[root@cfdev /root]# telnet myhost.com 80
Trying 192.x.x.x...
Connected to mthost.com.
Escape character is '^]'.
GET /track/index.cfm?action=trkclk&bannerid=205&PathInfo=/businessdir/index.cfm HTTP/1.1
HOST: myhost.com

HTTP/1.1 302 Found
Date: Mon, 13 Oct 2003 20:05:18 GMT
Server: Apache/1.3.14 (Unix)
Location: http://myhost.com/realestate/index.cfm?action=show&propertyid=10471
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://myhost.com/realestate/index.cfm?action=show&amp;propertyid=10471">here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.14 Server at myhost.com Port 80</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] apache is replacing & with & in redirect urls ?

Posted by Leif W <wa...@usa.net>.

> ----- Original Message ----- 
> From: "Ryan Stille" <rp...@willconsult.com>
> To: <us...@httpd.apache.org>
> Sent: Monday, October 13, 2003 4:14 PM
> Subject: [users@httpd] apache is replacing & with &amp; in redirect urls ?
>
>
> I am having some problems on a ColdFusion site we have.  I see errors
> in the error log because people are requesting URLs that have &amp;
> instead of a real '&' in them.  For example, this url causes the app to
crash:
>
> /index.cfm?cat=62&amp;subcatid=77&amp;artid=2465
>
> Some of these may be happening at the application level or from cut &
paste
> on client machines that mangle the URL.  But here is a transcript of me
> telneting to port 80 and requesting a script that results in a redirect.
See how
> apache is putting &amp; in the link?  Why is that?

I think this is because proper HTML code says that since & is the escape
character for entering numeric or alpha-friendly names of character entity
data, that & must not be present by itself, and should correctly be
referenced as &amp;.  If you put this URL with the &amp; into an HTML page
and click it manually, then what happens?  You will probably find that the
browser correctly translates this back to & before sending the request to
the server.  So, my best guess would be that the browser is broken, as it is
not honoring this convention when it does an automatic interception of a
302.  Which browser have you observed the problem with?  Have you tried
other browsers?  I would guess that at least one browser out there gets it
right.  By all means file a bug report with the browser(s)' maker(s).

Leif

> -Ryan
>
>
> [root@cfdev /root]# telnet myhost.com 80
> Trying 192.x.x.x...
> Connected to mthost.com.
> Escape character is '^]'.
> GET
/track/index.cfm?action=trkclk&bannerid=205&PathInfo=/businessdir/index.cfm
HTTP/1.1
> HOST: myhost.com
>
> HTTP/1.1 302 Found
> Date: Mon, 13 Oct 2003 20:05:18 GMT
> Server: Apache/1.3.14 (Unix)
> Location:
http://myhost.com/realestate/index.cfm?action=show&propertyid=10471
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <HTML><HEAD>
> <TITLE>302 Found</TITLE>
> </HEAD><BODY>
> <H1>Found</H1>
> The document has moved <A
HREF="http://myhost.com/realestate/index.cfm?action=show&amp;propertyid=1047
1">here</A>.<P>
> <HR>
> <ADDRESS>Apache/1.3.14 Server at myhost.com Port 80</ADDRESS>
> </BODY></HTML>
> Connection closed by foreign host.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org