On Mon, 2 Jun 2003 23:23, Henrik Nordstrom wrote:
> Looking reasonable, but data inserted into URLs need to be URL escaped
> with rfc1738_escape_part() (not rfc1738_escape) before it is inserted
> into the URL or else there will be issues in most uses.. while data
> inserted into error pages need to be escaped by rfc1738_escape().
Thanks Henrik. I've attached a slightly modified patch that escapes only the
substituted data with rfc1738_escape_part(). I understand now why
rfc1738_escape_part() is needed instead of rfc1738_escape(), but as for
escaping data before it is inserted in the URL- is this so squid can assume
that the deny_info url (the part without the format strings) is already
escaped?
Eg: deny_info http://myserver/test.cgi?[E=%E] myacl
Original patch: http://myserver/test.cgi?%5bE=%5bNo%20Error%5d%5d
New patch: http://myserver/test.cgi?[E=%5bNo%20Error%5d]
Also, data in error pages is already escaped with html_quote() if required. I
haven't changed that behaviour.
Regards
Gerard
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:06 MST