You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/02/10 15:22:38 UTC
[Bug 58988] New: $ escaping for rewrite
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
Bug ID: 58988
Summary: $ escaping for rewrite
Product: Tomcat 9
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: major
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: remm@apache.org
The following escaping behavior should be implemented:
https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#quoting
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #11 from Mark Thomas <ma...@apache.org> ---
Re-resolving this as FIXED since the original issue is fixed.
%20 is a special case. The rules are based on decoded URIs. The problem is that
space is a delimiter for the rules so while there are ways (via regular
expressions) to use space in a pattern, there isn't a way to include a space in
the substitution.
One option would be to decode the rules but that would likely break existing
rules.
Using R is probably the best work-around if you need to include a space in the
re-written URI.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
--- Comment #2 from Remy Maucherat <re...@apache.org> ---
Normally % should be escaped with \% according to the documentation, not
anything else.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
Stefan <st...@drv-bund.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--- Comment #10 from Stefan <st...@drv-bund.de> ---
That's right, I missed %2 as a back-reference.
Adding a R flag does the job. I don't know why and seems a bit tricky, but it
solves the problem.
thank you very much!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
--- Comment #4 from Felix Schumacher <fe...@internetallee.de> ---
Fixed in 9.0.0.M4 and 8.0.33.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
Felix Schumacher <fe...@internetallee.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |NEEDINFO
--- Comment #8 from Felix Schumacher <fe...@internetallee.de> ---
When a RewriteRule such as
RewriteRule /abc /r%20
is used, the %2 will be interpreted as a back-reference to a match.
Your condition has two matching groups, but %2 would reference back to a third
group, that does not exist. That's where the NPE comes from. (I left out the
matching groups for simplicity.)
If you escape the % with a backslash, it will be put verbatim in the (url
decoded) rewritten path and finally url encoded into %25.
What you need is a way to encode %20 into a static string - that is a space in
this case, right?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
Stefan <st...@drv-bund.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |---
--- Comment #5 from Stefan <st...@drv-bund.de> ---
It seems not fixed at 8.5.20 - \%20 was converted to %2520
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
--- Comment #1 from Felix Schumacher <fe...@internetallee.de> ---
Created attachment 33544
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33544&action=edit
Let backslashes escape characters
This will enable escaping (quoting) by using an backslash.
Apart from this, it will enable escaping the percent sign by using %%. It also
fixes a bug, when % was not followed by a digit or a curly brace.
The functionality for %% should probably not be added.
Documentation for the quotation feature is missing, too.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
--- Comment #6 from Felix Schumacher <fe...@internetallee.de> ---
(In reply to Stefan from comment #5)
> It seems not fixed at 8.5.20 - \%20 was converted to %2520
What happens when you don't place the backslash in front of %20?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
--- Comment #7 from Stefan <st...@drv-bund.de> ---
With backslash
---
RewriteRule ^/context/id=(\w{3})(\d{12}).*$
%{CONTEXT_PATH}/site/form/?mode=search&key=Help\%20Desk&key2="$1$2" [NC,NE,L]
RESULT - wrong URL
fqdn/context/site/form/?mode=search&key=Help%2520Desk&key2="1234"
Without backslash
---
RewriteRule ^/context/id=(\w{3})(\d{12}).*$
%{CONTEXT_PATH}/site/form/?mode=search&key=Help%20Desk&key2="$1$2" [NC,NE,L]
RESULT - Exception
10-Nov-2017 16:03:52.643 SCHWERWIEGEND [http-nio-80-exec-28]
org.apache.coyote.http11.Http11Processor.service Error processing request
java.lang.NullPointerException
at
org.apache.catalina.valves.rewrite.Substitution$RewriteCondBackReferenceElement.evaluate(Substitution.java:65)
at
org.apache.catalina.valves.rewrite.Substitution.evaluate(Substitution.java:269)
at
org.apache.catalina.valves.rewrite.RewriteRule.evaluate(RewriteRule.java:135)
at
org.apache.catalina.valves.rewrite.RewriteValve.invoke(RewriteValve.java:313)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
Remy Maucherat <re...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #3 from Remy Maucherat <re...@apache.org> ---
This looks fixed by r1729730
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58988] $ escaping for rewrite
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
--- Comment #9 from Felix Schumacher <fe...@internetallee.de> ---
Can you try and add an R flag to the variant that has the escaped percent sign?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org