You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/03/12 01:02:18 UTC
DO NOT REPLY [Bug 34602] - mod_rewrite fails to correctly deal with URLS that have escapes in them
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34602>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34602
------- Additional Comments From michael@chunkycow.com.au 2007-03-11 17:02 -------
This bug is a killer for me using PHP and it`s URLENCODE function.
Basically this encodes a space as a literal '+' in the url and escapes a literal
'+' as %2b, the problem is that once we hit the RewriteRule the space is still
encoded as a literal '+' and the literal '%2b' is decoded to be a literal '+'
aswell.
As you can imagine the RewriteMap solution dosen`t work and I`m left with no
solution but to double encode which is horrible.
Is there a reason that one must decode the hex entities before the use of the
RewriteRules and is it due to the 'being a path' way of thinking as alot more
URLs are not only used as a path to a resource but to pass information aswell.
This is what i`d like to see:
# accept a-zA-Z and %2b(escaped '+')
RewriteRule ^resource/([a-z]|%2b)+$ /resource.ext?data=$1 [NC]
This would still fail on say '/resource/info%' as it`s not the sequence %2b etc
and would use the first matching rule for something like:
RewriteRule ^resource/([a-z]|%2|%2b)+$ /resource.ext?data=$1 [NC]
'/resource/%2'.
I`d love to hear everyone's opinion on this as I`m not sure if it would be the
correct way to handle it or if it would lead to security concerns etc,
If there is agreement I`ll have a stab at implementing it and see where it
leads, if it is fundamentaly wrong and you have some resources I would love to
know that too.
Thanks
Michael
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org