Date: Sun, 21 Mar 2004 11:00:05 -0800 (PST) From: Brian Szymanski <ski@indymedia.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/64544: mod_rewrite RewriteCond bug Message-ID: <200403211900.i2LJ05vE059184@www.freebsd.org> Resent-Message-ID: <200403211900.i2LJ0dPY017237@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 64544
>Category: ports
>Synopsis: mod_rewrite RewriteCond bug
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 21 11:00:39 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Brian Szymanski
>Release: 4.9
>Organization:
Indymedia
>Environment:
FreeBSD atotarho.wuhjuhbuh.afraid.org 4.9-STABLE FreeBSD 4.9-STABLE #0: Fri Feb 13 20:48:12 EST 2004 toor@atotarho.wuhjuhbuh.afraid.org:/usr/obj/usr/src/sys/ATOTARHO i386
>Description:
Mod_rewrite: RewriteCond:
( Syntax: RewriteCond TestString CondPattern )
inconsistent expansion of environment variables in TestString depending on CondPattern. In particular, a CondPattern of ="" reveals different (and correct) results as compared to any other test.
>How-To-Repeat:
In httpd.conf:
RewriteEngine on
RewriteCond %{QUERY_STRING} PHPSESSID.+
RewriteRule ^.* whatever1
RewriteCond %{QUERY_STRING} =""
RewriteRule ^.* whatever2
Use a http client to pass in http://this_host/foobar.php?PHPSESSID=foo
Look in rewrite.log and note that:
..RewriteCond: input='PHPSESSID=abc' pattern='=""' => not-matched
..RewriteCond: input='' pattern='PHPSESSID.+' => not-matched
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403211900.i2LJ05vE059184>