Yet another URL-encoding bug:
Redirect /wibble/ http://aserver/dir/
accessing http://myserver/wibble/heelo%25.html
generates a redirect to the Location: http://aserver/dir/heelo%.html
mod_alias.c was not re-escaping the incoming URL for the redirect.
I've uploaded 26_redirect2.0.8.14.patch to hyperreal.com in the
for_Apache_0.8.14 directory (for the lack of a better place).
This patch calls escape_uri to fix the problem.
I would rather use os_escape_path() to escape the URI, but unfortunately, that
would break on requests with a ':' - e.g.
http://myserver/wibble/hello:.html would return a Location: of
http://aserver/dir/./hello:.html
My preferred solution would be to change os_escape_path() so that it escapes
':' - that way it can be called on both relative and absolute paths.
I think that is much neater than having two routines.
I've also copied across the QNX port patch.
David.
26_redirect2.0.8.14.patch:
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix handling of % in Redirect command
Affects: mod_alias.c
ChangeLog: Escape the URI before generating the redirect.
27_qnx.0.8.14.patch:
Subject: QNX Port
Affects: alloc.c conf.h http_main.c rfc931.c util.c Configuration
Changelog: QNX Port
Comments: This patch also removes some redundant headers (not gratuitously,
they had to go on QNX anyway, and were already included in some other
local header). It also adds a debugging convenience; SIGSEGV and
SIGBUS are not caught when in debug mode (-X flag). This makes
running under some debuggers better.
Redirect /wibble/ http://aserver/dir/
accessing http://myserver/wibble/heelo%25.html
generates a redirect to the Location: http://aserver/dir/heelo%.html
mod_alias.c was not re-escaping the incoming URL for the redirect.
I've uploaded 26_redirect2.0.8.14.patch to hyperreal.com in the
for_Apache_0.8.14 directory (for the lack of a better place).
This patch calls escape_uri to fix the problem.
I would rather use os_escape_path() to escape the URI, but unfortunately, that
would break on requests with a ':' - e.g.
http://myserver/wibble/hello:.html would return a Location: of
http://aserver/dir/./hello:.html
My preferred solution would be to change os_escape_path() so that it escapes
':' - that way it can be called on both relative and absolute paths.
I think that is much neater than having two routines.
I've also copied across the QNX port patch.
David.
26_redirect2.0.8.14.patch:
From: drtr@ast.cam.ac.uk (David Robinson)
Subject: Fix handling of % in Redirect command
Affects: mod_alias.c
ChangeLog: Escape the URI before generating the redirect.
27_qnx.0.8.14.patch:
Subject: QNX Port
Affects: alloc.c conf.h http_main.c rfc931.c util.c Configuration
Changelog: QNX Port
Comments: This patch also removes some redundant headers (not gratuitously,
they had to go on QNX anyway, and were already included in some other
local header). It also adds a debugging convenience; SIGSEGV and
SIGBUS are not caught when in debug mode (-X flag). This makes
running under some debuggers better.