Bug 54611

Summary: Location header for dav_created not URI encoded
Product: Apache httpd-2 Reporter: Timothy Wood <tjw>
Component: mod_davAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 2.4.3   
Target Milestone: ---   
Hardware: PC   
OS: Mac OS X 10.4   
Bug Depends on:    
Bug Blocks: 54367    

Description Timothy Wood 2013-02-26 04:10:43 UTC 
I'm not sure this is the right approach, but returning a non-encoded URI certainly isn't. In particular, I wonder if the optimization of using unparsed_uri is good or whether the r->uri should be escaped.

Again, diff is vs our local copy of 2.4.3.

-tim


Index: trunk/Apache/httpd/modules/dav/main/mod_dav.c
===================================================================
--- trunk/Apache/httpd/modules/dav/main/mod_dav.c	(revision 180429)
+++ trunk/Apache/httpd/modules/dav/main/mod_dav.c	(revision 180431)
@@ -611,7 +611,9 @@
    const char *body;

    if (locn == NULL) {
-        locn = r->uri;
+        locn = r->unparsed_uri;
+    } else {
+        locn = ap_escape_uri(r->pool, locn);
    }

    /* did the target resource already exist? */
Comment 1 Timothy Wood 2013-02-26 04:11:30 UTC 
A specific case of this may be <https://issues.apache.org/bugzilla/show_bug.cgi?id=54367> but all Location-returning commands have the issue.
Comment 2 Wim Lewis 2013-04-23 01:52:24 UTC 
A quick test against trunk/2.5 r1470683 shows that the bug still exists there and this patch still fixes it there.
Comment 3 Graham Leggett 2013-04-27 16:56:03 UTC 
Applied to trunk in r1476621.
Comment 4 Graham Leggett 2013-05-23 13:19:21 UTC 
Proposed for backport to v2.4 and v2.2.
Comment 5 Graham Leggett 2013-05-23 14:14:39 UTC 
Backported to v2.4.
Comment 6 Wim Lewis 2015-03-10 03:23:47 UTC 
I think this is fixed; see my comment in bug 54367.
Comment 7 Christophe JAILLET 2015-03-10 06:13:36 UTC 
See r1485721 for the backport in 2.4.x
It was part of 2.4.5

See r1497121 for the backport in 2.2.x
It was part of 2.2.25