>Number: 4766
>Category: mod_rewrite
>Synopsis: RewriteRule behaves unexpectedly when URL contains an ampersand
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Jul 26 00:20:03 PDT 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.6
>Environment:
Slackware 4.0, Linux 2.2.9, gcc egcs-2.91.66 19990314, i686
>Description:
In a URL containing an ampersand (%26), the & is magically translated (under a
certain set of conditions) to the results of the last RewriteMap lookup, which
is wrong as far as I know.
>How-To-Repeat:
# lookup a ~username in a custom way using a rewritemap, return
# filesystem path and append to it the rest of the URL
RewriteMap homedir prg:/usr/local/bin/homedirlookup.pl
RewriteCond ${homedir:$1} (.+)
RewriteRule ^/~([^/]+)(.*)$ %1$2
If the (.*) part of the URL (ie, the part that becomes $2) contains an
ampersand (as in /~bob/this&that.gif ), the & in $2 will be
mysteriously translated to a duplicate of the results of the last RewriteMap
(which in this case are also located in %1). Therefore, if the results of
the map lookup had been /home/server/bob, the URL would be rewritten to
/home/server/bob/this/home/server/bobthat.gif rather than the
/home/server/bob/this&that.gif that is expected.
>Fix:
My temporary work-around is to backslash the ampersands with a stupid set of
perl scripts that just look for ampersands and backslash them if they exist
prior to the above set of rules and un-backslash them if they still exist
after the above rules. It's not a good solution, as it involves a lot of
overhead that shouldn't be necessary. I'm also using the int:escape and
int:unescape RewriteMap functions for other reasons... those might provide
another workaround on their own.
I'm looking through the code for mod_rewrite to try and find possible culprits
here, but I haven't had the time to really concentrate on it yet.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
