Bug 54611 - Location header for dav_created not URI encoded
Summary: Location header for dav_created not URI encoded
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_dav (show other bugs)
Version: 2.4.3
Hardware: PC Mac OS X 10.4
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks: 54367
  Show dependency tree
 
Reported: 2013-02-26 04:10 UTC by Timothy Wood
Modified: 2015-03-10 06:13 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Timothy Wood 2013-02-26 04:10:43 UTC
I'm not sure this is the right approach, but returning a non-encoded URI certainly isn't. In particular, I wonder if the optimization of using unparsed_uri is good or whether the r->uri should be escaped.

Again, diff is vs our local copy of 2.4.3.

-tim


Index: trunk/Apache/httpd/modules/dav/main/mod_dav.c
===================================================================
--- trunk/Apache/httpd/modules/dav/main/mod_dav.c	(revision 180429)
+++ trunk/Apache/httpd/modules/dav/main/mod_dav.c	(revision 180431)
@@ -611,7 +611,9 @@
    const char *body;

    if (locn == NULL) {
-        locn = r->uri;
+        locn = r->unparsed_uri;
+    } else {
+        locn = ap_escape_uri(r->pool, locn);
    }

    /* did the target resource already exist? */
Comment 1 Timothy Wood 2013-02-26 04:11:30 UTC
A specific case of this may be <https://issues.apache.org/bugzilla/show_bug.cgi?id=54367> but all Location-returning commands have the issue.
Comment 2 Wim Lewis 2013-04-23 01:52:24 UTC
A quick test against trunk/2.5 r1470683 shows that the bug still exists there and this patch still fixes it there.
Comment 3 Graham Leggett 2013-04-27 16:56:03 UTC
Applied to trunk in r1476621.
Comment 4 Graham Leggett 2013-05-23 13:19:21 UTC
Proposed for backport to v2.4 and v2.2.
Comment 5 Graham Leggett 2013-05-23 14:14:39 UTC
Backported to v2.4.
Comment 6 Wim Lewis 2015-03-10 03:23:47 UTC
I think this is fixed; see my comment in bug 54367.
Comment 7 Christophe JAILLET 2015-03-10 06:13:36 UTC
See r1485721 for the backport in 2.4.x
It was part of 2.4.5

See r1497121 for the backport in 2.2.x
It was part of 2.2.25