here we go. add a directive that will keep %2f from being

decoded into '/', allowing the *_walk to do their magic and return 404 if it's in the path, and allowing it in the path-info. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98479 13f79535-47bb-0310-9956-ffa450edef68
2025-08-13 14:40:20 +00:00 · 2003-01-23 21:34:13 +00:00
parent bc20e54bd4
commit 12b11896a7
6 changed files with 94 additions and 8 deletions
--- a/server/util.c
+++ b/server/util.c
@ -1595,6 +1595,57 @@ AP_DECLARE(int) ap_unescape_url(char *url)
        return OK;
 }

+AP_DECLARE(int) ap_unescape_url_keep2f(char *url)
+{
+    register int badesc, badpath;
+    char *x, *y;
+
+    badesc = 0;
+    badpath = 0;
+    /* Initial scan for first '%'. Don't bother writing values before
+     * seeing a '%' */
+    y = strchr(url, '%');
+    if (y == NULL) {
+        return OK;
+    }
+    for (x = y; *y; ++x, ++y) {
+        if (*y != '%') {
+            *x = *y;
+        }
+        else {
+            if (!apr_isxdigit(*(y + 1)) || !apr_isxdigit(*(y + 2))) {
+                badesc = 1;
+                *x = '%';
+            }
+            else {
+                char decoded;
+                decoded = x2c(y + 1);
+                if (IS_SLASH(decoded)) {
+                    *x++ = *y++;
+                    *x = *y;
+                }
+                else {
+                    *x = decoded;
+                    y += 2;
+                    if (decoded == '\0') {
+                        badpath = 1;
+                    }
+                }
+            }
+        }
+    }
+    *x = '\0';
+    if (badesc) {
+        return HTTP_BAD_REQUEST;
+    }
+    else if (badpath) {
+        return HTTP_NOT_FOUND;
+    }
+    else {
+        return OK;
+    }
+}
+
 AP_DECLARE(char *) ap_construct_server(apr_pool_t *p, const char *hostname,
                                       apr_port_t port, const request_rec *r)
 {