On Fri, Mar 10, 2023 at 11:57 AM Yann Ylavic <ylavic.dev@gmail.com> wrote:
>
> On Fri, Mar 10, 2023 at 4:34 PM Eric Covener <covener@gmail.com> wrote:
> >
> > Saw another report on users@
> >
> > Any thoughts on something like this to just allow spaces?
> > http://people.apache.org/~covener/patches/rewrite-lax.diff
>
> What about:
>
> Index: modules/mappers/mod_rewrite.c
> ===================================================================
> --- modules/mappers/mod_rewrite.c (revision 1908254)
> +++ modules/mappers/mod_rewrite.c (working copy)
> @@ -4814,7 +4814,8 @@ static int hook_uri2file(request_rec *r)
> apr_size_t flen;
> int to_proxyreq;
>
> - if (r->args && *(ap_scan_vchar_obstext(r->args))) {
> + if (rulestatus == ACTION_NOESCAPE
> + && r->args && *(ap_scan_vchar_obstext(r->args))) {
> /*
> * We have a raw control character or a ' ' in r->args.
> * Correct encoding was missed.
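
Review bot: with `rulestatus == ACTION_NOESCAPE` added to the condition, raw control characters and spaces in r->args are rejected only for that one status, and every other rulestatus value gets past this check with r->args unvalidated. Nothing in the hunk shows that the other paths escape r->args before it is used, so that should be confirmed (the non-redirect case in particular) or the check kept for them. The comment "We have a raw control character or a ' ' in r->args. Correct encoding was missed." should also be updated to say why only the no-escape case is tested.
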
I think it helps for the users@ redirect case, but I think we still
have a concern with non-redirect (where IIUC there is not any escaping
even w/o the flag/status, but I am not 100% sure on this)