Yes, my vendor is really that brain-damaged. Yes, I have told them
that. But I'm not absolutely sure if my vendor ever sends those, it was
< and > that I identified, but as long as I was writing the code, and
had been told that mongrel insisted on absolute legal URIs and if it
wasn't legal by the standard I shouldn't expect mongrel to do anything
but refuse it--I might as well catch anything else that could make an
illegal URI. But actually, yeah, what they are doing is putting
unescaped _xml_ fragments in a url query string. &foo=<foo>bar</foo>.
So yeah, a backslash will be in a query string too.
Interesting to me that mongrel no longer chokes on these, since when it
was brought up before I was told that there was no way no how that
mongrel was ever going to do anything but choke on them. :) If I can
find my test cases from my vendor around, I'll see if current mongrels
no longer need my workaround, even though you guys told me that would
never ever happen. But I run latest ruby gem release, I don't run from
svn trunk.
Jonathan
Eric Wong wrote:
Jonathan Rochkind <rochk...@jhu.edu> wrote:
My problem was with invalid query strings being sent to me by a vendor,
not with problems in the header. So it won't be _exactly_ the same. I'm
not sure if an apache rewrite map can change headers or not; it can
change path/query string, which is all I needed. But I can show you what
I did, in case it gives you ideas. It was a bit of a pain to figure out.
And here's the simple Perl script that replaced illegal chars in URL
path/query string:
http://umlaut.rubyforge.org/svn/trunk/script/umlaut/rewrite_map.pl
These two are no longer needed with the SVN version (which
we currently run in production on a pretty heavy site). I think
it was IE6 sending them and we can't ignore IE6 :<

    s/>/%3E/g;
    s/</%3C/g;

Unfortunately I don't think it made the 1.1.5 release:
http://mongrel.rubyforge.org/browser/trunk/ext/http11/http11_parser.c?rev=996

I don't think I ever saw Mongrel error out on these. Is your vendor
really that brain damaged?

    s/\//%2F/g;
    s/\\/%5C/g;

But man, this just creeps me out:

    s/ /\+/g;

ps: "tr/ /+/;" should be a tick faster than "s/ /\+/g;" :)
_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users
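
The kind of filter discussed in this thread, as an added example that is not the rewrite_map.pl script linked above and not code from either poster. It percent-encodes only the bytes RFC 3986 does not allow in a path or query, so a request like ?foo=<foo>bar</foo> reaches a strict parser as a legal URI. Assumptions: the function names and the --serve flag are this example's own, space becomes %20 rather than "+", and the loop follows the one-line-in, one-line-out convention of an Apache RewriteMap prg: program.

```ruby
require "stringio"

# Bytes that may appear literally in a path or query (RFC 3986):
# unreserved, sub-delims, ":", "@", "/" and "?". Everything else is
# escaped, including "<", ">", "\", space, "#", "[" and "]", control
# bytes and all non-ASCII bytes. A "%" is escaped only when it does not
# already start a valid %XX sequence, so legal input is never
# double-encoded.
ILLEGAL_URI_BYTE =
  /%(?![0-9A-Fa-f]{2})|[^A-Za-z0-9\-._~!$&'()*+,;=:@\/?%]/n

# Returns the request target with every illegal byte replaced by %XX.
def escape_illegal_uri_chars(target)
  target.b.gsub(ILLEGAL_URI_BYTE) { |byte| format("%%%02X", byte.ord) }
end

# Reads one request target per line and answers with one line each.
# Output is unbuffered because the caller waits for every answer before
# sending the next key.
def run_map(input = $stdin, output = $stdout)
  output.sync = true
  input.each_line do |line|
    output.write(escape_illegal_uri_chars(line.chomp) + "\n")
  end
end

# "--serve" is this example's own switch, so loading the file for
# testing does not block on standard input.
run_map if ARGV.first == "--serve"
```

Already-legal targets pass through unchanged, so the filter can sit in front of a parser that no longer needs it.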