Mailing List Archive

[Bug 64607] New: RewriteRule: Incorrect description for the NoEscape flag
https://bz.apache.org/bugzilla/show_bug.cgi?id=64607

Bug ID: 64607
Summary: RewriteRule: Incorrect description for the NoEscape
flag
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: bram-ncnpur@mail.wizbit.be
Target Milestone: ---

Documentation for the NoEscape RewriteRule flag:
https://httpd.apache.org/docs/trunk/rewrite/flags.html#flag_ne

> By default, special characters, such as & and ?, for example, will be converted to their hexcode equivalent. Using the [NE] flag prevents that from happening.

Testing this however shows that this does *not* happen for the '&' character.

Digging into the code: as far as I can tell it either ends up in:

* modules/proxy/proy_util.c: ap_proxy_canonenc or
* server/util.c: ap_os_escape_path (which uses a list generated by
server/gen_test_char.c)

Both of these treat the '&' as an allowed character in a path.

For reference: list of characters that are treated as allowed (and are thus
never converted to their hexcode equivalent):
* alphanumeric characters
* characters: "$-_.+!*'(),:;@&=/~"

As a minimum I would drop the reference to '&' in the description since it's
incorrect.
I suppose it could be replaced with another character (such as '{') or as an
alternative list the characters that are allowed.

I.e. something like:

> By default, special characters(*) will be converted to their hexcode equivalent. Using the [NE] flag prevents that from happening.
> (*): special characters: characters that are *not*:
> - alphanumeric characters,
> - '$',
> - '-',
> - '_',
> - ...

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org