https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #6 from Guido Jäkel <g.jae...@dnb.de> --- (In reply to Mark Thomas from comment #5) > Thanks. I see what you are trying to do now. This is going to be an > interesting problem to solve. I suspect that it will require fixes / changes > in multiple components. For my requirements, no other fixes as the attached patch to mod_jk are needed. I don't take a look on Tomcat because i'm using Wildfly as the backend. Also, i', using AJP as the transport and i don't look on HTTP here. > For those following along, take a look at the examples here: > https://restfulapi.net/resource-naming/ IMHO the RFC states that an URL/URI consist of (others and) path elements. This path elements are separated/delimited by a slash character ('/'). Therefore, if the payload of a path element contain a slash, this MUST be percent-encoded. The current semantic behavior of mod_jk is to escape "everything that need this". And that's correct for the most cases. The Apache httpd framework have already "normalized" the URL many steps before. If mod_jk find a special character here, it have to encode it for a proper transport to the downstream server. If there is a single percent sign here (after decoding by the httpd!), it have to be escaped to '%25'. The exception here is that the httpd is instructed (by AllowEncodedSlashes NoDecode) to keep some slashes (only within path elements) undecoded. There is no special "information tagging" about this, but the only source for the apperance of the character sequence '%2F' at this point within the mod_jk code is that it is the result of this intended unescaping of a slash. Note that this holds only for this entity 'slash' used as the path element separator and not for and %XX at common. For the convenience to see what i'm talking about, I embed here the content of the short patch: --- native/common/jk_url.c.20150101-212250 2015-01-01 21:22:50.000000000 +0100 +++ native/common/jk_url.c 2018-06-27 09:12:28.250361091 +0200 @@ -88,6 +88,11 @@ y[j] = ch; continue; } +/* don't double-escape a following '%2F' ('/'), just pass the '%' and continue */ + if (ch == '%' && x[i+1] == '2' && strchr("fF", x[i+2])) { + y[j] = ch; + continue; + } /* recode it, if necessary */ if (!jk_isalnum(ch) && !strchr(allowed, ch)) { if (j+2<maxlen) { -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
