>Number: 5326
>Category: mod_speling
>Synopsis: mod_speling does not escape URLs
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Wed Nov 17 04:10:00 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.9
>Environment:
Linux gristle.office.niss.ac.uk 2.2.10 #2 Thu Jun 17 11:36:26 BST 1999 i686
unknown
gcc version 2.7.2.3
--
SunOS synapse 5.6 Generic_105181-16 sun4u sparc SUNW,Ultra-5_10
gcc version 2.8.1
>Description:
If you have the URL /file%20name.html or /dir%20name/file.html and spell it slightly
wrong (as per how mod_speling works), then it doesn't re-escape the " " (space)
back to "%20".
(PS. if you want the patch below e-mailed as an attachment, let me know.
Also - I have nuke-trailing-whitespace on, so there are a few extra "bogus"
lines in this diff.)
>How-To-Repeat:
>Fix:
--- src/modules/standard/mod_speling.c.orig Wed Nov 17 09:26:56 1999
+++ src/modules/standard/mod_speling.c Wed Nov 17 09:52:00 1999
@@ -264,7 +264,7 @@
filoc = ap_rind(r->filename, '/');
/*
* Don't do anything if the request doesn't contain a slash, or
- * requests "/"
+ * requests "/"
*/
if (filoc == -1 || strcmp(r->uri, "/") == 0) {
return DECLINED;
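Review bot: The `-` and `+` lines at the `* requests "/"` comment read identically, so this hunk changes only trailing whitespace. Please drop it, along with the similar whitespace-only hunks at -496 and -519, so the patch carries just the escaping fix and stays easy to audit.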
@@ -397,9 +397,29 @@
qsort((void *) candidates->elts, candidates->nelts,
sizeof(misspelled_file), sort_by_quality);
+ /* 16.11.1999 nic <[EMAIL PROTECTED]>
+ * This escapes the last element of the of the path.
+ */
+ for ( i = 0 ; i < candidates->nelts ; ++i ) {
+ /* Partial needs to be set because these are filenames */
+ variant[i].name = ap_os_escape_path(r->pool,
+ variant[i].name,
+ 1);
+ }
+ /* 17.11.1999 nic <[EMAIL PROTECTED]>
+ * This escapes the rest of the path.
+ */
+ url = ap_os_escape_path(r->pool,
+ url,
+ 0);
/*
- * Conditions for immediate redirection:
- * a) the first candidate was not found by stripping the suffix
+ * Conditions for immediate redirection:
+ * a) the first candidate was not found by stripping the suffix
* AND b) there exists only one candidate OR the best match is not
* ambiguous
* then return a redirection right away.
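Review bot: The loop at `variant[i].name = ap_os_escape_path(...)` overwrites every candidate name in place, so any later use of `variant[i].name` as a filename, in a log message or as visible link text now receives the %-escaped form. Consider escaping into a separate variable at the point where the redirect target or href is built. Please also confirm that `url` is still in unescaped form when it reaches `ap_os_escape_path(r->pool, url, 0)`, otherwise an existing %xx sequence would be escaped a second time. Smaller points: the first comment has a doubled "of the", the dated author tags belong in the change log rather than in the source, and the whitespace-only edits to the "Conditions for immediate redirection" comment should be left out.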
@@ -496,7 +516,7 @@
if (i > 0 && i < candidates->nelts - 1
&& variant[i].quality != SP_VERYDIFFERENT
&& variant[i + 1].quality == SP_VERYDIFFERENT) {
- *(const char **)ap_push_array(t) =
+ *(const char **)ap_push_array(t) =
"</ul>\nFurthermore, the following related "
"documents were found:\n<ul>\n";
}
@@ -519,7 +539,7 @@
ap_table_mergen(r->subprocess_env, "VARIANTS",
ap_array_pstrcat(p, v, ','));
-
ap_destroy_pool(sub_pool);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, r,
>Audit-Trail:
>Unformatted:
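The behaviour the report describes, as an added example that is not part of the original report or of Apache's code: a decoded on-disk name is percent-encoded again before it is used as a redirect target. `escape_path` and its safe-character set are assumptions of this example and do not reproduce `ap_os_escape_path`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Bytes copied through unchanged: alphanumerics plus this set.
 * The set is an assumption of this example, not taken from Apache. */
static int is_path_safe(unsigned char c)
{
    return isalnum(c) || (c != '\0' && strchr("$-_.+!*'(),:@&=/~", c) != NULL);
}

/* Percent-encode a decoded path. Returns 0, or -1 if `out` is too small. */
int escape_path(const char *path, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    const unsigned char *p;
    size_t o = 0;

    if (outsz == 0)
        return -1;
    for (p = (const unsigned char *)path; *p != '\0'; ++p) {
        size_t need = is_path_safe(*p) ? 1 : 3;
        if (o + need + 1 > outsz)       /* keep room for the terminator */
            return -1;
        if (need == 1) {
            out[o++] = (char)*p;
        } else {
            out[o++] = '%';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0F];
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char loc[128];
    /* Constructed sample: the corrected path as it exists on disk (decoded). */
    if (escape_path("/dir name/file name.html", loc, sizeof loc) == 0)
        printf("Location: %s\n", loc);
    return 0;
}
```

The input must be the decoded form: a `%` already present in the string is itself encoded as `%25`.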