RE: [users@httpd] mod_rewrite Special % character problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



To tell the truth, I spent half the day just understanding what you were talking about and I had to do a number of tests before I actually did... And now I believe that the issue you raised is a real problem. Meanwhile I will suggest an alternate solution at the end of this post.

My conclusions are:

1. mod_rewrite actually un-escapes the URL path
I think it should not, but there may be a good reason for it.

2. the built-in RewriteMap function "escape" does not escape reserved characters like & and $
I think there is a need for a built-in function that actually does encode these characters. Maybe that function should be the currently existing escape function, or maybe a new function needs to be added.



Given the following configuration:
   RewriteLogLevel 9
   RewriteMap encode int:escape
   RewriteRule ^/folder/([^/]*)/([^/]*) /cgi-bin/printenv?vara=${encode:$1}&varb=$2 [PT,QSA]

I would expect the query "GET /folder/apples&oranges/more?varc=rock%26roll" to be handled in the following way:

1:  (2) init rewrite engine with requested uri /folder/apples&oranges/more
2:  (3) applying pattern '^/folder/([^/]*)/([^/]*)' to uri '/folder/apples&oranges/more'
3:  (5) map lookup OK: map=encode key=apples&oranges -> val=apples%26oranges
4:  (2) rewrite /folder/apples&oranges/more -> /cgi-bin/printenv?vara=apples&oranges&varb=more
5:  (3) split uri=/cgi-bin/printenv?vara=apples&oranges&varb=more -> uri=/cgi-bin/printenv, args=vara=apples%26oranges&varb=more&varc=rock%26roll
6:  (2) forcing '/cgi-bin/printenv' to get passed through to next API URI-to-filename handler

Instead of the expected line 3, what actually happens is:
 (5) map lookup OK: map=encode key=apples&oranges -> val=apples&oranges

which tells me that the escape function, for whatever reason, does not escape reserved characters except ";" (I did not test "/" and "?").


Furthermore I would expect "GET /folder/apples%26oranges/more" to be handled in the following way:

1:  (2) init rewrite engine with requested uri /folder/apples%26oranges/more
2:  (3) applying pattern '^/folder/([^/]*)/([^/]*)' to uri '/folder/apples%26oranges/more'
3:  (5) map lookup OK: map=encode key=apples%26oranges -> val=apples%2526oranges
4:  (2) rewrite /folder/apples&oranges/more -> /cgi-bin/printenv?vara=apples%2526oranges&varb=more
5:  (3) split uri=/cgi-bin/printenv?vara=apples%2526oranges&varb=more -> uri=/cgi-bin/printenv, args=vara=apples%2526oranges&varb=more&varc=rock%26roll
6:  (2) forcing '/cgi-bin/printenv' to get passed through to next API URI-to-filename handler

Instead of the expected line 1, I get 
 (2) init rewrite engine with requested uri /folder/apples&oranges/more

i.e. mod_rewrite un-escapes the URL path, which is carried over to the remainder of the processing.




I _know_ it is mod_rewrite that un-escapes the URL path and only the URL path, because when I request the URL "GET /cgi-bin/printenv?vara=apples%26oranges&varb=more" which is not processed by mod_rewrite, it comes out as expected at the other end, and a query string in a request processed by mod_rewrite containing an escaped character makes it through unchanged.


The problem can be circumvented by implementing your own escape function along the lines of:
-------
encode.pl:
#!/usr/bin/perl

select STDOUT ; $|=1;
while ( <> )
{
   $_ =~ s/%/%25/;
   $_ =~ s/&/%26/;

   /* Add other translation rules here */

   print $s;
}

$|=0
--------

   RewriteEngine On
   RewriteLog /u01/apachetest/logs/rewrite_log
   RewriteLogLevel 9

   RewriteMap encode prg:/u01/apachetest/conf/encode.pl

   RewriteRule ^/folder/([^/]*)/([^/]*) /cgi-bin/printenv?vara=${encode:$1}&varb=${encode:$1} [PT,QSA]

Then the request GET /folder/apples&%25oranges/more?varc=rock%26roll will end up as
(2) rewrite /folder/apples&%oranges/more -> /cgi-bin/printenv?vara=apples%26%25oranges&varb=more
(3) split uri=/cgi-bin/printenv?vara=apples%26%25oranges&varb=more -> uri=/cgi-bin/printenv, args=vara=apples%26%25oranges&varb=more&varc=rock%26roll


Hope this works.

If nobody else replies with an explanation as to why mod_rewrite behaves the way it does, maybe you should file a bug report...

-ascs











>From RFC 2396:

2.2. Reserved Characters

   Many URI include components consisting of or delimited by, certain
   special characters.  These characters are called "reserved", since
   their usage within the URI component is limited to their reserved
   purpose.  If the data for a URI component would conflict with the
   reserved purpose, then the conflicting data must be escaped before
   forming the URI.

      reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                    "$" | ","

   The "reserved" syntax class above refers to those characters that are
   allowed within a URI, but which may not be allowed within a
   particular component of the generic URI syntax; they are used as
   delimiters of the components described in Section 3.


2.4.2. When to Escape and Unescape
                                              Normally, the only time
   escape encodings can safely be made is when the URI is being created
   from its component parts; each component may have its own set of
   characters that are reserved, so only the mechanism responsible for
   generating or interpreting that component can determine whether or
   not escaping a character will change its semantics. Likewise, a URI
   must be separated into its components before the escaped characters
   within those components can be safely decoded.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux