https://bz.apache.org/bugzilla/show_bug.cgi?id=40453
--- Comment #4 from Rich Bowen <[email protected]> --- This is a code bug, not just a documentation issue. The compare_lexicography() function in mod_rewrite.c (around L4102 in trunk) compares string lengths first: when strings differ in length, the longer string is always "greater" regardless of content. "AAA" > "B" is objectively wrong. The case-insensitive path ([NC] flag) correctly uses strcasecmp() and does not have this problem. The fix is a one-liner — replace the length-first logic with strcmp(): --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c static APR_INLINE int compare_lexicography(char *a, char *b) { - apr_size_t i, lena, lenb; - - lena = strlen(a); - lenb = strlen(b); - - if (lena == lenb) { - for (i = 0; i < lena; ++i) { - if (a[i] != b[i]) { - return ((unsigned char)a[i] > (unsigned char)b[i]) ? 1 : -1; - } - } - - return 0; - } - - return ((lena > lenb) ? 1 : -1); + return strcmp(a, b); } I don't think "historical behavior" is a reason to preserve this. Nobody is relying on "AAA" being greater than "B" — and if they are, their config is already broken in ways they don't realize. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
