Menu
▾
▴
Re: [naviserver-devel] url-encoding and ns_returnredirect, RFC updates
|
From: Gustaf N. <ne...@wu...> - 2017-04-05 13:54:59
|
These changes are now in the repository at bitbucket and running on OpenACS.org. I've as well committed the changes for Coockie-Encoding RFC 6265 (HTTP State Management Mechanism, 2011) (together with new calls for Ns_Cookie[En|De]code()), such we have now a well defined state based on the actual RFCs for these encoding tasks and not only something, which happens to work. Some encoding changed, one has to re-issue e.g. cookies containing spaces (the encoding used the "+" encoding), but on sites like openacs.org this did not cause problems. Furthermore, the interoperability with other software processing cookies should be improved now. all the best -gn Am 01.04.17 um 17:49 schrieb Gustaf Neumann: > Dear all, > > While working on the encodings, i found the following issue with > NaviServer url decoding. RFC 3986 (as well as earlier RFCs) define a > path as a sequence of segments, separated by slashes "/": > path-abempty = *( "/" segment ) > path-absolute = "/" [ segment-nz *( "/" segment ) ] > path-noscheme = segment-nz-nc *( "/" segment ) > path-rootless = segment-nz *( "/" segment ) > > NaviServer decodes in request.c the whole URL with a single > Ns_UrlPathDecode(), which is effectively the decode operation of a > segment (!). This means, that the following two entries are treated > identically: > /foo/bar1%2fbaz.tcl > /foo/bar/baz.tcl > whereas this should refer to the two following [ns_conn urlv] values > {foo bar/baz.tcl} > {foo bar baz.tcl} > See as well in [1], which states explicitly, that > the URIs http://www.w3.org/albert/bertram/marie-claude > and http://www.w3.org/albert/bertram%2Fmarie-claude > > are NOT identical, as in the second case the encoded slash does not > have hierarchical significance. > It is not good that a user of NaviServer has currently no means to > detect the difference between this two cases, since it treats these as > identical. Interestingly, Apache rejects per default requests with > paths containing %2f (see discussion in [2]). I am currently > considering keeping [ns_conn url] as it is, but to return in [ns_conn > urlv] the correct hierarchical structure. Comments? -g [1] > https://www.w3.org/Addressing/URL/4_URI_Recommentations.html [2] > http://stackoverflow.com/questions/3235219/urlencoded-forward-slash-is-breaking-url > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > naviserver-devel mailing list > nav...@li... > https://lists.sourceforge.net/lists/listinfo/naviserver-devel -- Univ.Prof. Dr. Gustaf Neumann WU Vienna Institute of Information Systems and New Media Welthandelsplatz 1, A-1020 Vienna, Austria |
