On Mon, Mar 13, 2023 at 12:05 PM Yann Ylavic <ylavic....@gmail.com> wrote: > > On Mon, Mar 13, 2023 at 4:13 PM Ruediger Pluem <rpl...@apache.org> wrote: > > > > On 3/13/23 4:04 PM, Eric Covener wrote: > > > On Mon, Mar 13, 2023 at 10:59 AM Ruediger Pluem <rpl...@apache.org> wrote: > > >> > > >> > > >> > > >> On 3/13/23 3:23 PM, Eric Covener wrote: > > >>> Yann, can you check out the failure I committed and see if it's me or > > >>> unintended? Everything else went pretty smooth and looks useful in a > > >>> bind. > > >>> > > >>> # Check /modules/rewrite/escaping/local_bctls_nospace/foo/bar/%20baz/%0d > > >>> for foo/bar/ baz%0d > > >>> # rewritten query 'foo%2fbar%2f+baz%2f%0d' > > >>> # expected: 'foo/bar/ baz%0d' > > >>> # received: 'foo%2fbar%2f+baz%2f%0d' > > >>> not ok 67 > > >>> > > >>> > > >>> RewriteRule ^/modules/rewrite/escaping/local_bctls_nospace/(.*) > > >>> /?$1 "[B= ?,BNEG,BCTLS]" > > >> > > >> I think the test is wrong. Due to BCTLS being set spaces get escaped. > > >> I think you should change the flags to "[B= ?,BNEG]" > > > > > > I wonder if being able to negate items in BCTL is useful though? At > > > least the space. > > > In the test case, it's not so useful for the query string as that will > > > be checked and fail currently (if we knew the user did escaping, maybe > > > we could drop the check in mod_rewrite.c and fix more of the impacted > > > corner cases) > > > > > > But a capture of a space could need to go into a local filename, without > > > [PT]. > > I could get where you want to with the attached patch (before you > disabled the test in r1908350). > It makes so that anything BNEG'ed overrides BCTLS, which can be useful > to let space through while still encoding controls. > I had to fix the local_bctls_nospace RewriteRule to not encode '/' > (not expected in the result) and add a missing '/' in the result too.
+ RewriteRule ^/modules/rewrite/escaping/local_bctls_nospace/(.*) /?$1 "[B= /,BNEG,BCTLS]" + [ "/modules/rewrite/escaping/local_bctls_nospace/foo/bar/%20baz/%0d" => "foo/bar/ baz/%0d"], # CTLS but allow space I'm not sure I understand this, / isn't a CTL so why do we need to exclude it with B+BNEG to have it passed through in the test?
