The following reply was made to PR protocol/2602; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]> To: Apache bugs database <[EMAIL PROTECTED]> Cc: Subject: Re: protocol/2602: GET /cgi-bin/cginame%3Fparam=/path/filename does not replace %3f before searching cginame?param... (fwd) Date: Thu, 16 Jul 1998 17:26:55 -0700 (PDT) ---------- Forwarded message ---------- Date: Thu, 16 Jul 1998 18:15:01 +0300 (EET DST) From: Super-User <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: protocol/2602: GET /cgi-bin/cginame%3Fparam=/path/filename does not replace %3f before searching cginame?param... > > Synopsis: GET /cgi-bin/cginame%3Fparam=/path/filename does not replace %3f > before searching cginame?param... > > State-Changed-From-To: open-closed > State-Changed-By: marc > State-Changed-When: Thu Jul 16 00:11:59 PDT 1998 > State-Changed-Why: > The current behaviour is correct. As URL specs detail, > '?' is a reserved character which are reserved for special > meaning. > > For example, see section 2.2 of RFC-1738. > > You can _not_ encode all characters, and encoding a > reserved character can and (in this case) does change > the semantics of the particular URL. O.K. could be. Now what do you suggest I should use to make Windoze clients download cgi results correctly (i.e. use the last part of the url and NOT the cgi name) ? Or any other solution to restrict access to files based on IP of the client and NOT on passwords (those could be sniffed) ? Or any means to hack the apache code to accept parsing of %3F in cgi's ? Last but not least, would it hurt if this parsing of reserved characters (at least '?') would be an option in the apache config file ?(although I haven't met yet any cgi containing '?' in it's name) I'd be very greatful if you could help me stop getting bugged by windozers wanting to d/l restricted files. (on my unix box, netscape does the downloads just o.k., it does not choke on the question mark). Andrei P
