Ticket Navigation

Ticket #911 (new defect)

Opened 2 years ago

Last modified 3 weeks ago

Need for URL encoding in mod_redirect and possibly mod_rewrite

Reported by:	spillgroup	Assigned to:	jan
Priority:	normal	Milestone:
Component:	mod_redirect	Version:	1.4.18
Severity:	normal	Keywords:
Cc:		Blocking:
Need Feedback:	0

Description

As reported earlier this year on the mailing list, opening this ticket now for tracking purposes. I'll try to provide a patch later.

The issue: when $n and %n references are used within mod_redirect, the resulting value should be properly encoded to be used in a (Location) header. I believe this is not being done by mod_redirect (and possibly mod_rewrite) currently.

Example:

$HTTP["host"] =~ ""^www\.(.*)" {
  $HTTP["referer"] =~ "(.*)" {
    url.redirect = (
      "^/(.*)" => "http://www2.mydomain.com/myscript.php?path=$1&ref=%1"
    )
  }
}

Testing the example:

~ $ curl -e 'http://myreferer/' -I 'http://www.domain.com/'
HTTP/1.1 301 Moved Permanently
Location:
http://www2.mydomain.com/myscript.php?path=domain.com/&ref=http://myreferer/
Content-Length: 0
Date: Tue, 21 Mar 2006 10:08:46 GMT
Server: lighttpd/1.4.11

As you can see, the 'Location' URL is not properly encoded. It should look something like:

.../myscript.php?path=domain.com%2F&ref=http%3A%2F%2Fmyreferer%2F

So I think the decoding pass is made by Lighttpd, but mod_redirect should make sure to make the encoding pass when placing parameters in a URL.

Attachments

lighttpd-1.4.18-redirect-rewrite-urlencoding.patch (5.1 kB) - added by spillgroup on 01/31/2008 08:30:43 AM.

Change History

Add/Change #911 (Need for URL encoding in mod_redirect and possibly mod_rewrite)

Your email or username:

Comment (you may use WikiFormatting here):

Change Properties

Summary:
Type:
Priority:		Milestone:
Component:		Version:
Severity:		Keywords:
Cc:		Blocking:
Need Feedback:

Download in other formats: