www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Jacobson <a...@interband.com>
Subject general/876: path-info should not be urlencoded
Date Thu, 17 Jul 1997 14:40:01 GMT

>Number:         876
>Category:       general
>Synopsis:       path-info should not be urlencoded
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Jul 17 07:40:01 1997
>Originator:     alex@interband.com
>Organization:
apache
>Release:        
>Environment:
linux, solaris, sunos
>Description:
apache urldecodes path-info but not query strings.
the upshot is that cgi-scripts lack information about what was really
sent to the server since the urldecoder does not fail when there are
characters that should have been encoded.
You should not urlencode
>How-To-Repeat:
make a cgi that prints the environment
try typing:
http://server.com/cgi-bin/printenv/foo%20goo/doo=hoo%20goo
>Fix:
turn off url-decoding of path-info or make it a config option
1. no urldecoding of path-info
2. urldecoding only for correctly encoded path-info
3. urldecoding of all path-info (current behavior%2
>Audit-Trail:
>Unformatted:



Mime
View raw message