Apache 1.3.3 CGIs and escaped '/'

Apache 1.3.3 CGIs and escaped '/'

Post by Mohit Aro » Sun, 27 Dec 1998 04:00:00



Hi,
        Apache 1.3.3 rejects an escaped '/' in all URLs - even if its an
argument to a CGI script. So for example, in the default distribution the
following would work:
        http://serverhost/cgi-bin/printenv/a/a/
while the following would not:
        http://serverhost/cgi-bin/printenv/a%2fa/

Notice that the '/' has been encoded into '%2f' in the second URL. I do not
understand why Apache insists on discarding URLs where a '/' is encoded into
'%2f'. I filed a bug report and the reason quoted by the maintainers was that
they don't want unsuspecting CGI scripts from unknowingly allow the '%2f' where
a '/' would have failed. I have two objections to this:
1) Firstly the webserver unescapes all arguments to the CGI script before
   invoking it - hence the CGI won't see a '%2f' in the first place.
2) The Apache maintainers are trying to violate a very basic rule - separation
   of mechanism and policy. Rather than providing the mechanism, they're
   enforcing the policy of not accepting '%2f'.

The reason I want this restriction removed is because there is software out
there that escapes all arguments to CGI scripts - even '/'. This software
completely fails with Apache - an example is the Tech Report server software
called Dienst available from http://www.ncstrl.org/ and used by most major
Universities.

- Mohit

 
 
 

1. sed -e 's/\'a\'/\';\'/' ?

Hi,

my question is, how can I mask the single
quotation mark in my file for sed

I have a lot of SQL-Loader files of this kind:

cat t55.ctl
load data
infile 't55'
truncate
into table A_220_T55
fields terminated by ';' TRAILING NULLCOLS
(AAA_000_KEY    char ,
B_220_BBB_LFD_NR char ,
AAA_220_BBB     char )

there is given a delimiter ';'

The delimiter should be changed to a.

#!/bin/ksh
#set -x
for file in t*.ctl
do
sed -e 's/;/a/' $file >$file.new
mv $file.new $file
done

That's ok.

Now the delimiter should be rechanged from a to ;.
I'd tried

sed -e 's/\'a\'/\';\'/' $file >$file.new

It doesn't work.

How to mask the single quotation mark inside the sed command?

TIA,

Nele

2. I need help for pppd

3. Can 'require' override 'allow'/'deny' (Apache)

4. Volume manager and OS upgrade- newbie.

5. CGI on '/' with Apache?

6. Snarfing the Boot Record: How?

7. trailing slashes ('/') on apache server

8. Commerical revision control system

9. UID/GID = apache, but HOME='/' ... why?

10. Bummer escaping $1 in awk '/^\(\"cdfDump/{if (ok == 1

11. CGI as '/' with Apache?

12. Why does 'ls' give '/' as the output?

13. sed and '/' to '\/' conversion.