Re: [twsocket] HTTP client relocation
On 20-Nov-05 11:04:30 Francois PIETTE wrote: >The question is: Should the HTTP client component implement this >relative >path removal algorithm ? If it is formally valid yes. But it could be tricky to do because sometimes the relative path could be a little "strange" :-) >> >>>Can you give and example of "strange" relative path ? >> >> ../../adir/subdir/../anothersubdir/./etc/../../where_I_am >> >> This can happen when the path is "composed". I don't know if it is >> happen in the web, I followed a similar discussion in the development >> of an OS so I "traslated" it for the web. >> BTW is the "." allowed? >Yes, a "." is allowed but has no effect. The algorithm to absolutize such >relative path is not very complex. You have to prepend the current path >before processing. Then simply replace all "/./" by "/", then remove ending >"/.", then parse from left to right, each time you find a "subdir/..", you >simply delete it. Until there is no more "/.." in the path. I know that the algorithm is not complex :-) I want only point out that it is possible that the relative parte could be even in the middle and not only at start. Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP client relocation
The question is: Should the HTTP client component implement this relative path removal algorithm ? >>> >>> If it is formally valid yes. But it could be tricky to do because >>> sometimes the relative path could be a little "strange" :-) > >>Can you give and example of "strange" relative path ? > > ../../adir/subdir/../anothersubdir/./etc/../../where_I_am > > This can happen when the path is "composed". I don't know if it is > happen in the web, I followed a similar discussion in the development > of an OS so I "traslated" it for the web. > BTW is the "." allowed? Yes, a "." is allowed but has no effect. The algorithm to absolutize such relative path is not very complex. You have to prepend the current path before processing. Then simply replace all "/./" by "/", then remove ending "/.", then parse from left to right, each time you find a "subdir/..", you simply delete it. Until there is no more "/.." in the path. There can be invalid relative path such as "/dir1/../../dir2/where_I_am". The behaviour is then undefined. I would simply replace parent directory when it goes before root directory. -- Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html -- [EMAIL PROTECTED] http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP client relocation
On 19-Nov-05 09:59:28 Francois PIETTE wrote: >>>The question is: Should the HTTP client component implement this relative >>>path removal algorithm ? >> >> If it is formally valid yes. But it could be tricky to do because >> sometimes the relative path could be a little "strange" :-) >Can you give and example of "strange" relative path ? ../../adir/subdir/../anothersubdir/./etc/../../where_I_am This can happen when the path is "composed". I don't know if it is happen in the web, I followed a similar discussion in the development of an OS so I "traslated" it for the web. BTW is the "." allowed? Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP client relocation
> We could add a new property LocationChangeMaxCount with a default > value of let's say 5 (as suggested by RFC1945 section 9.3) and an new > event OnLocationChangeExceeded taking as arguments the sender, the > current count (RelocationCount), and as a var argument, defaulting to > FALSE, a boolean allowing to continue relocation (Let's call it > AllowMoreRelocation). When no more relocation is allowed, the request > end with a 311 status code and "Too many relocations" reason phrase. > > Anyone willing to implement that ? I'll look at this, since it's a problem with a site on one my web site links pages, I found it using a simple link checker application. Am I right in thinking the HTTP compression stuff has not yet made it into a released ICS? Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP client relocation
>>The question is: Should the HTTP client component implement this relative >>path removal algorithm ? > > If it is formally valid yes. But it could be tricky to do because > sometimes the relative path could be a little "strange" :-) Can you give and example of "strange" relative path ? -- Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html -- [EMAIL PROTECTED] http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP client relocation
>> But there is another problem in relocation when the relocation is to the >> same URL, and the component gets stuck in a loop. This frequently happend because many relocations are just to grab cookies. If the application doesn't handle cookies, you end with an infinite loop. > This is an easy fix, just set a relocation limit, like Internet Explorer > and Firefox do That's a good idea. We could add a new property LocationChangeMaxCount with a default value of let's say 5 (as suggested by RFC1945 section 9.3) and an new event OnLocationChangeExceeded taking as arguments the sender, the current count (RelocationCount), and as a var argument, defaulting to FALSE, a boolean allowing to continue relocation (Let's call it AllowMoreRelocation). When no more relocation is allowed, the request end with a 311 status code and "Too many relocations" reason phrase. Anyone willing to implement that ? -- Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html -- [EMAIL PROTECTED] http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP client relocation
Angus Robertson - Magenta Systems Ltd wrote: >But there is another problem in relocation when the relocation is to the same >URL, and the component gets stuck in a loop. > This is an easy fix, just set a relocation limit, like Internet Explorer and Firefox do Cheers, Nicholas Sherlock -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP client relocation
On 17-Nov-05 20:00:16 Francois PIETTE wrote: >The question is: Should the HTTP client component implement this relative >path removal algorithm ? If it is formally valid yes. But it could be tricky to do because sometimes the relative path could be a little "strange" :-) And the problem that Angus raised could be very dangerous, not only when the redirect point to the same url, but even when we have more relocation that at some point point to an url of the followed chain. Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP client relocation
> The question is: Should the HTTP client component implement this > relative path removal algorithm ? In my opinion it should. I've not reported it before, and I've lost my fix due to installing new ICS versions over the last month. But there is another problem in relocation when the relocation is to the same URL, and the component gets stuck in a loop. Again this is really a server issue, but letting their bug crash our application is not really on. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be