https://bz.apache.org/bugzilla/show_bug.cgi?id=66372
Bug ID: 66372
Summary: Ambiguous and undocumented syntax of quoted strings
Product: Apache httpd-2
Version: 2.4.54
Hardware: PC
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: Runtime Config
Assignee: bugs@httpd.apache.org
Reporter: wallfur+apa...@gmail.com
Target Milestone: ---
https://httpd.apache.org/docs/trunk/configuring.html#syntax says only
"Arguments to directives are separated by whitespace. If an argument contains
spaces, you must enclose that argument in quotes."
It does not specify whether this means double and/or single, that backslash is
used as the escape character, nor any rules about escaping. I did some testing
and also noticed some odd behaviour. I added the following test config to the
default htdocs <Directory>:
"Header""always""set""X-Space-Check""Wut"
Header always set Content-Disposition "inline; filename=\"I can't believe
it's not header!.html\""
Header always set Arbitrary-Data "//\\/\/\\"
Header always set Expr-Test-Single passed "expr=%{REQUEST_URI} =~
/[a-z]\.h/"
Header always set Expr-Test-Double passed "expr=%{REQUEST_URI} =~
/[a-z]\\.h/" AllowOverride All
RewriteEngine On
RewriteRule ^x\.html$ index.html [END]
RewriteRule "^y\.html$" index.html [END]
"RewriteRule""^z\.html$""index.html""[END]"
"RewriteRule" "^p\\.html$" "index.html" "[END]"
#"RewriteRule" "^q\".html$" "index.html" "[END]"
#"RewriteRule" "^r\\\".html$" "index.html" "[END]"
All headers were set.
The first directive indicates that whitespace between quoted params is ignored,
contrary to the docs. I was checking whether repeated delimiters could be used
as an escape method. It'd be simpler, but the current behaviour would make that
a backwards-compatibility breakage.
The third line indicates the backslash is passed through if not escaping
another, or a delimiter, because it outputs this:
Arbitrary-Data: //\/\/\
Likewise, the expr= tests both behave as if the regex engine only sees a single
backslash before the dot.
The x, y & z rewrite rules all match in the same manner, again ignoring the
concatenation of quoted strings. A request for /p.html causes a 404, suggesting
the doubled-backslash does not get parsed into a single, unlike the Header
directive literals.
The q & r rules are commented out because they each trigger this error:
AH00526: Syntax error on line 258 of /path/to/httpd/compiled/conf/httpd.conf:
RewriteRule: bad flag delimiters
whereas I'd expect "^q\".html$" and "^r\\\".html$" to be parsed into ^q".html$
and ^r\".html$, respectively, even if they wouldn't match any requests.
---
I started a discussion about it here
https://stackoverflow.com/q/74636889/315024 because I feel I'm not looking in
the right place.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
