From: Olivier D. <dr...@sh...> - 2002-09-16 03:03:17
|
I'm having trouble with redirect relative urls. The following doesn't work: main.perl?.state=submitted and looking at the regex it's not surprising: <line 680-680> # allow relative URLs with sane values return 1 if $url =~ m#^[a-z0-9_\-\.\,\+\/]+$#i; </line> Anybody against changing the regex to: m#^[\w_-,\.\+\?\=\+%/]+$#; which if I'm not mistaken will allow maching of CGI characters. Would that be too insecure? When using CGI urls, do we want to force people into using absolute urls? Thoughts? -Olivier -- __-/| ? ? |\-__ __--/ / \ (^^) / \ \--__ _-/ / / \ / ( ) / \ \ \-_ / / / / ~( ^^ ~ \ \ \ \ / Oli Dragon dr...@sh... \ / Sfwr Eng III ( McMaster University \ / / / __--_ ( ) __--__ \ \ \ | / / _/ \_ \_ \_ \ \ | \/ / _/ \_ \_ \_ \ \/ \_/ / -\_\ \ \_/ \/ -) \/ *~ ___--<******************************************************>--___ [http://pgp.mit.edu:11371/pks/lookup?search=olivier+dragon&op=index] ~~~--<******************************************************>--~~~ |