Would it be useful to put some sort of notice of this
in r->notes? Not just here but everyplace we escape.
We get tripped up on this a lot :/
Just a thought (and maybe not a very good one)
On Mar 23, 2009, at 11:59 AM, jor...@apache.org wrote:
Author: jorton
Date: Mon Mar 23 15:59:36 2009
New Revision: 757427
URL: http://svn.apache.org/viewvc?rev=757427&view=rev
Log:
* modules/mappers/mod_rewrite.c (apply_rewrite_rule): When evaluating
a proxy rule in directory context, do escape the filename by
default, since mod_proxy will not escape in that case due to the
(deliberate) fixup hook ordering.
Thanks to: rpluem
PR: 46428
Modified:
httpd/httpd/trunk/modules/mappers/mod_rewrite.c
Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=757427&r1=757426&r2=757427&view=diff
=
=
=
=
=
=
=
=
======================================================================
--- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Mon Mar 23
15:59:36 2009
@@ -4083,7 +4083,20 @@
* ourself).
*/
if (p->flags & RULEFLAG_PROXY) {
- /* PR#39746: Escaping things here gets repeated in
mod_proxy */
+ /* For rules evaluated in server context, the mod_proxy fixup
+ * hook can be relied upon to escape the URI as and when
+ * necessary, since it occurs later. If in directory
context,
+ * the ordering of the fixup hooks is forced such that
+ * mod_proxy comes first, so the URI must be escaped here
+ * instead. See PR 39746, 46428, and other headaches. */
+ if (ctx->perdir && (p->flags & RULEFLAG_NOESCAPE) == 0) {
+ char *old_filename = r->filename;
+
+ r->filename = ap_escape_uri(r->pool, r->filename);
+ rewritelog((r, 2, ctx->perdir, "escaped URI in per-dir
context "
+ "for proxy, %s -> %s", old_filename, r-
>filename));
+ }
+
fully_qualify_uri(r);
rewritelog((r, 2, ctx->perdir, "forcing proxy-throughput with
%s",