On 10/03/2021 11:36, jfcl...@apache.org wrote:
Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c URL:http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?rev=1887415&r1=1887414&r2=1887415&view=diff ============================================================================== --- httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c (original) +++ httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c Wed Mar 10 10:36:46 2021 @@ -1087,6 +1087,8 @@ static void push2table(const char *input } ap_unescape_url(key); ap_unescape_url(val); + /* hcuri, worker name, balancer name, at least are escaped when building the form, so twice */ + ap_unescape_url(val); if (allowed == NULL) { /* allow all */ apr_table_set(params, key, val);
I noted the problem with worker URL: ajp://[0:0:0:0:0:0:0:1]:8081 In fact the worker encoded in the form to: <input type=hidden name='w' id='w' value="ajp://%5b0:0:0:0:0:0:0:1%5d:8081"> So it get encoded twice, as well as hcuri and balancer name. Does it make more sense to remove the encoding while building the form? -- Cheers Jean-Frederic
