https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
--- Comment #14 from Daniel Koke <daniel.k...@iconparc.de> 2010-03-10 08:42:20 UTC --- I understand your hint to the rfc2396 but with the AllowEncodedSlashes-directive i can change that behaviour: "Allowing encoded slashes does not imply decoding. Occurrences of %2F or %5C (only on according systems) will be left as such in the otherwise decoded URL string" (http://httpd.apache.org/docs/2.2/en/mod/core.html#allowencodedslashes) e.g. www.myurl.de/test/test.html Now i want to add a path variable: www.myurl.de/test/var=variable_content/test.html -> url www.myurl.de/test/test.html is called The variable_content will be encoded by the system. If the variable_content contains a path e.g. "foo/bar" it will be encoded to "foo%2fbar" and added to the url: www.myurl.de/test/var=foo%2fbar/test.html -> url www.myurl.de/test/bar/test.html is called !!!! I interpret the directive AllowEncodedSlashes to force my wanted behaviour. The %2f should not be decoded (like the docu says) and the called url should be www.myurl.de/test/test.html (In reply to comment #13) > My question is; what is adding the string %2f to the token? > If the string needs to be the Literal Text, e.g. a file names foo%2fbar, that > URL is only valid if the '%' is escaped by the client. > E.g. to retrieve /foo%2fbar - the string /foo%252fbar must be passed as the > request URI. It isn't a question of accepting '%2F' but a question of passing > the percent as an encoded literal; refer to http://tools.ietf.org/html/rfc2396 > section 2.4.2; > Because the percent "%" character always has the reserved purpose of > being the escape indicator, it must be escaped as "%25" in order to > be used as data within a URI. Implementers should be careful not to > escape or unescape the same string more than once, since unescaping > an already unescaped string might lead to misinterpreting a percent > data character as another escaped character, or vice versa in the > case of escaping an already escaped string. > The reason %2f or %5C are decrypted goes to this statement; > In some cases, data that could be represented by an unreserved > character may appear escaped; for example, some of the unreserved > "mark" characters are automatically escaped by some systems. If the > given URI scheme defines a canonicalization algorithm, then > unreserved characters may be unescaped according to that algorithm. > For example, "%7e" is sometimes used instead of "~" in an http URL > path, but the two are equivalent for an http URL. > The keyword here is 'equivalent'. httpd cannot preserve the %2F text while > allowing safe reencoding/redecoding. > If the client is failing to escape '%' that is a client flaw; please mention > what the origin of this filename pattern is. A form submission? > We concur the documentation is entirely broken and needs to be revisited. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
