You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/03/04 14:47:39 UTC
[Bug 54633] New: Invalid % encoding not rejected
https://issues.apache.org/bugzilla/show_bug.cgi?id=54633
Bug ID: 54633
Summary: Invalid % encoding not rejected
Product: Apache httpd-2
Version: 2.2.22
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: skh2@cornell.edu
Classification: Unclassified
We have been getting a number of requests of the form:
http://www.hotelschool.cornell.edu/alumni/connect/events/10871?iframe=true&width=90%&height=90%
This results in a rack error:
invalid %-encoding (90%)
rack (1.4.5) lib/rack/backports/uri/common_18.rb:53:in
`decode_www_form_component'
Related bugs in rack and passenger punt this to Apache, saying it is the
responsibility of the web server to reject this with a 400.
http://code.google.com/p/phusion-passenger/issues/detail?id=831
https://github.com/rack/rack/issues/337
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org