Re: svn commit: r1584417 - in /httpd/httpd/trunk: docs/manual/rewrite/flags.xml modules/mappers/mod_rewrite.c

Fri, 04 Apr 2014 00:17:19 -0700 


[email protected] wrote:
> Author: covener
> Date: Thu Apr  3 21:53:14 2014
> New Revision: 1584417
> 
> URL: http://svn.apache.org/r1584417
> Log:
> allow users to workaround the over-agressive backreference
> escaping by selecting the characters to escape. 
> 
> 
> Modified:
>     httpd/httpd/trunk/docs/manual/rewrite/flags.xml
>     httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> 
> Modified: httpd/httpd/trunk/docs/manual/rewrite/flags.xml
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/flags.xml?rev=1584417&r1=1584416&r2=1584417&view=diff
> ==============================================================================

> 
> Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1584417&r1=1584416&r2=1584417&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
> +++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Thu Apr  3 21:53:14 2014

> @@ -631,21 +632,36 @@ static APR_INLINE unsigned char *c2x(uns
>   * Escapes a uri in a similar way as php's urlencode does.
>   * Based on ap_os_escape_path in server/util.c
>   */
> -static char *escape_uri(apr_pool_t *p, const char *path) {
> +static char *escape_uri(apr_pool_t *p, const char *path, const char 
> *escapeme) {
>      char *copy = apr_palloc(p, 3 * strlen(path) + 3);
>      const unsigned char *s = (const unsigned char *)path;
>      unsigned char *d = (unsigned char *)copy;
>      unsigned c;
>  
>      while ((c = *s)) {
> -        if (apr_isalnum(c) || c == '_') {
> -            *d++ = c;
> -        }
> -        else if (c == ' ') {
> -            *d++ = '+';
> +        if (!escapeme) { 
> +            if (apr_isalnum(c) || c == '_') {
> +                *d++ = c;
> +            }
> +            else if (c == ' ') {
> +                *d++ = '+';
> +            }
> +            else {
> +                d = c2x(c, '%', d);
> +            }
>          }
> -        else {
> -            d = c2x(c, '%', d);
> +        else { 
> +            const char *esc = escapeme;
> +            while (*esc) { 
> +                if (c == *esc) { 
> +                    d = c2x(c, '%', d);
> +                    break;
> +                }
> +                ++esc;
> +            }
> +            if (!*esc) { 
> +                *d++ = c;
> +            }

Hmm. What about the special case to escape ' ' to '+' and not to a hex value in 
this case?

Regards

RĂ¼diger

Reply via email to