[Mongrel] Bare carriage returns in HTTP headers
Eric Wong
normalperson at yhbt.net
Thu Mar 26 14:53:00 EDT 2009

Jonathan Rochkind <rochkind at jhu.edu> wrote:
> My problem was with invalid query strings being sent to me by a vendor,
> not with problems in the header. So it won't be _exactly_ the same. I'm
> not sure if an apache rewrite map can change headers or not; it can
> change path/query string, which is all I needed. But I can show you what
> I did, in case it gives you ideas. It was a bit of a pain to figure out.
> And here's the simple Perl script that replaced illegal chars in URL
> path/query string:
>
> http://umlaut.rubyforge.org/svn/trunk/script/umlaut/rewrite_map.pl

These two are no longer needed with the SVN version (which
we currently run in production on a pretty heavy site). I think
it was IE6 sending them and we can't ignore IE6 :<

    s/>/%3E/g;
    s/</%3C/g;

Unfortunately I don't think it made the 1.1.5 release
http://mongrel.rubyforge.org/browser/trunk/ext/http11/http11_parser.c?rev=996

I don't think I ever saw Mongrel error out on these. Is your vendor
really that brain damaged?

    s/\//%2F/g;
    s/\\/%5C/g;

But man, this just creeps me out:

    s/ /\+/g;

ps: "tr/ /+/;" should be a tick faster than "s/ /\+/g;" :)

--
Eric Wong