>Number: 2389
>Category: general
>Synopsis: Problem when %2f appears in PATH_INFO
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Jun 9 03:30:00 PDT 1998
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.0
>Environment:
Red Hat Linux 5.0, gcc 2.7.2.3, Linux dt09q1n8c 2.0.32 #5 Thu Apr 30 23:01:52
EDT 1998 i586 unknown
>Description:
I was trying to work around a possible Internet Explorer bug, and noticed that
URLs of the form
http://host/cgi-bin/script/http%3a%2f%2fotherhost/...
don't work. I was purposely encoding / as %2f (which I think ought to be valid)
to try and avoid what appears to be the removal of // or at least collapse of //
to / by MSIE.
>How-To-Repeat:
The following CGI script demonstrates the problem:
#!/bin/sh
echo "Content-type: text/plain"
echo ""
echo "PATH_INFO: $PATH_INFO"
When invoked as (for example):
http://yourhost/cgi-bin/rdir/http%3a%2f%2fwww.apache.org/
the response seen in Netscape is
Not Found
The requested URL /cgi-bin/rdir/http://www.apache.org/ was not found on this
server.
If you invoke it as
http://yourhost/cgi-bin/rdir/http%3a//www.apache.org/
it works fine.
>Fix:
Unfortunately, no.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
