CUTCODEDOWN
Minimalist Semantic Markup

Welcome Guest
Please Login or Register

If you have registered but not recieved your activation e-mail in a reasonable amount of time, or have issues with using the registration form, please use our Contact Form for assistance. Include both your username and the e-mail you tried to register with.

Author Topic: PROBLEM - URL Slashes Squire 3 & Paladin  (Read 753 times)

benanamen

  • Full Member
  • ***
  • Posts: 160
  • Karma: +14/-0
PROBLEM - URL Slashes Squire 3 & Paladin
« on: 5 Dec 2020, 03:42:10 pm »
Multiple slashes in url work. I have the fix but I want to see how Jason handles it.

This works.
Code: [Select]
https://cutcodedown.com///////for_others///////squire3///////live///////////static////////////////test//////
To save time, let's just assume I am never wrong.

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 791
  • Karma: +143/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: PROBLEM - URL Slashes Squire 3 & Paladin
« Reply #1 on: 6 Dec 2020, 10:01:52 am »
My answer would probably be to add this to Request's internal parsing stage.

Code: [Select]
if (strpos(self::$path, '//')) Bomb::http(400);

In fact, I'm adding that now. Also why my HTTP bomb supports the full range of 400 and 500 errors. There are cases where something other than 404 is appropriate. 400 "Bad Request" fitting the bill nicely here.

That will be #00033 on the changelog in the next milestone.

Though I'm not entirely sure why this is a problem, since if you don't create a link to a URI like that, how would it come to exist on anything that would use it? Not like it's going to muck up search unless some asshat intentionally sabotages you in back-links.

Which... ok, that's reason enough to add that fix. Thanks. Helpful.
« Last Edit: 6 Dec 2020, 10:05:27 am by Jason Knight »
I'll fix every flaw, I'll break every law, I'll tear up the rulebook if that's what it takes. You will see, I will crush this cold machine.

benanamen

  • Full Member
  • ***
  • Posts: 160
  • Karma: +14/-0
Re: PROBLEM - URL Slashes Squire 3 & Paladin
« Reply #2 on: 6 Dec 2020, 12:38:07 pm »
My "fix" for my CMS was to strip out the redundant slashes with a rewrite rule in htaccess .

After reading your post and in light of the other thread regarding mixed case paths, I agree the app should "bomb" with an error.

I will be updating my CMS and fixing my fix.  :)
To save time, let's just assume I am never wrong.

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 791
  • Karma: +143/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: PROBLEM - URL Slashes Squire 3 & Paladin
« Reply #3 on: 6 Dec 2020, 04:28:23 pm »
My "fix" for my CMS was to strip out the redundant slashes with a rewrite rule in htaccess .
Which is more processing that ends up applied to all files, not just our redirect. It's bad enough the rewriterule we have and the difficulties of implementing the same on other server software, without tying us even more to Apache.

After reading your post and in light of the other thread regarding mixed case paths, I agree the app should "bomb" with an error.

Yeah, it's part of why that full mechanism is there. As this grows there will be more and more cases for showing different 4xx and 5xx messages. I do think I need to expand Bomb::http() so that more information can be passed to it, allowing for a more robust and informative error_log().
I'll fix every flaw, I'll break every law, I'll tear up the rulebook if that's what it takes. You will see, I will crush this cold machine.

 

SMF spam blocked by CleanTalk

Advertisement