[pkg-lighttpd] Bug#520124: lighttpd: please release ...
Stefan Bühler
lighttpd at stbuehler.de
Mon Apr 20 16:52:11 UTC 2009
Don't wait for this bug. As long as no one has a good idea how to handle this,
there will be no patch.
Here the commit message for the revert:
Revert url decoding+simplifying before matching of mod_rewrite/mod_redirect
- Lot of regressions (we forgot to reencode the result)
- Generic problem: after decode and rewrite "a?b?c": which '?' was the
path?query seperator?
- Possible solution: only decode printable characters (without '?'), and
encode the result; do not encode the '%' of a not decoded character.
- Still a problem with path simplifying, it seems many people use urls like
this: http://server1/http%3a//server2/xxx
and rewrite the path into the querystring.
- Probably only usable with an extra config option
=> Do NOT use rewrite/redirect to protect specific urls.
More information about the pkg-lighttpd-maintainers
mailing list