Jeff Trawick <[EMAIL PROTECTED]> writes: > This function is checking for several characters which, at least in > ASCII, are supposedly not valid characters for filenames. But some of > these same characters can appear in valid non-ASCII filenames, and the > logic to check for these characters breaks Apache's ability to serve > those files. > > A user reported the inability to request a file with the Chinese > character %b5%7c in the name. The %7c byte tripped up the check for > invalid ASCII characters.
I think this is an accurate statement regarding the use of non-ASCII characters in filenames with Apache 1.3 on Win32. Comments? -------------------cut here------------------ Names of file-based resources with Apache 1.3 on Win32 Apache 1.3 on Win32 assumes that the names of files served are comprised solely of characters from the US-ASCII character set. It has no logic to determine whether or not a possible file name contains invalid non-ASCII characters. It has no logic to properly match actual non-ASCII file names with names specified in the Apache configuration file. Because Apache does not verify that the characters in file names are all ASCII, files files containing various non-ASCII characters in their names can be successfully served by Apache. However, this is not recommended for the following reasons: 1) Because Apache is unable to properly match actual non-ASCII file names with names in the Apache configuration file, taking into account any case folding or other transformations handled by the operating system when looking up files or otherwise matching file names, directives in the Apache configuration file may or may not be in force, depending on how the HTTP client specifies the resource. This may be a security concern, depending on your configuration. 2) Because Apache assumes that file names are ASCII, some of the checks it makes when validating file names will flag certain non-ASCII characters as invalid. For example, Apache on Win32 will flag a file name containing the ASCII character '|' (0x7C) as invalid. This logic will flag any file name containing the byte 0x7C as invalid, even if that byte does not represent '|' in the local character set. There are other characters checked for as well. Because of these checks, even if there are no security issues in your configuration, the full range of local characters cannot be used. Because of the lack of proper support for non-ASCII characters in file names, it is recommended that administrators not attempt to use any non-ASCII characters in file names. Any other configuration is unsupported. ------------------cut here---------------- -- Jeff Trawick | [EMAIL PROTECTED] Born in Roswell... married an alien...