Summary: | Location header in response to PUT is not %-escaped | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Wim Lewis <wiml> |
Component: | mod_dav | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | Juergen.Mertens |
Priority: | P2 | Keywords: | RFC |
Version: | 2.4.3 | ||
Target Milestone: | --- | ||
Hardware: | Macintosh | ||
OS: | All | ||
Bug Depends on: | 54611 | ||
Bug Blocks: |
Description
Wim Lewis
2013-01-02 23:18:19 UTC
See also <https://issues.apache.org/bugzilla/show_bug.cgi?id=54611>, which seems like a more general case of Location headers not doing proper URI encoding. In trunk/2.5 r1470683, Apache simply doesn't return a Location: header for PUTs any more (sigh), but the problem still happens for eg MKCOL. % curl -ik -X MKCOL 'http://localhost:9080/wiml/foo%0D%0Aoo' HTTP/1.1 201 Created Date: Tue, 23 Apr 2013 00:48:10 GMT Server: Apache/2.5.0-dev (Unix) OpenSSL/1.0.1c Location: http://localhost:9080/wiml/foo oo Content-Length: 71 Content-Type: text/html; charset=ISO-8859-1 Can you verify whether the patch applied from 54611 fixes this? Yes 54611 resolved this. The problem still exists under Debian 8 (Apache 2.4.10-8). So I think 54611 fix was not fixing this one (In reply to Juergen Mertens from comment #5) I just ran the 'curl' test above against a bunch of recent httpd releases and it appears to be fixed in 2.4.6 and later (working: 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.13-dev (r1665231), and 2.5.0-dev (r1665385); not working: 2.4.2, 2.4.4); methods MKCOL and PUT; on OSX 10.9.5. (I did notice that the bug you can see in my earlier report where the response is truncated after the "<title>" is also fixed as of 2.4.12!) Can you give more information on what request you're sending and what you're receiving back from the server? Verified (again) this is fixed in the current release, assume some mistake earlier. |