You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/03/04 14:47:39 UTC

[Bug 54633] New: Invalid % encoding not rejected

https://issues.apache.org/bugzilla/show_bug.cgi?id=54633

            Bug ID: 54633
           Summary: Invalid % encoding not rejected
           Product: Apache httpd-2
           Version: 2.2.22
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: bugs@httpd.apache.org
          Reporter: skh2@cornell.edu
    Classification: Unclassified

We have been getting a number of requests of the form:

http://www.hotelschool.cornell.edu/alumni/connect/events/10871?iframe=true&width=90%&height=90%

This results in a rack error:

 invalid %-encoding (90%)
  rack (1.4.5) lib/rack/backports/uri/common_18.rb:53:in
`decode_www_form_component'

Related bugs in rack and passenger punt this to Apache, saying it is the
responsibility of the web server to reject this with a 400.

http://code.google.com/p/phusion-passenger/issues/detail?id=831
https://github.com/rack/rack/issues/337

Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org