[mod_python] dot dot in the url

Colin Bean ccbean at gmail.com
Mon May 14 15:20:24 EDT 2007

On 5/14/07, Roger Binns <rogerb at rogerbinns.com> wrote:
> Hash: SHA1
> Colin Bean wrote:
> > Have you considered base64 encoding the path data you want sent as a
> > parameter?  Might make your application harder to use, but you could
> > send whatever you wanted as a parameter without involving apache's url
> > processing rules.
> Yes, that falls under "Have some sort of escape sequence that allows them"

Sort of... I'd consider encoding the entire path a different solution
to escaping specific problem characters (and you make this distinction
below).  Base64 encoding would also handle more than just the /./ and
/../ problem cases, it would handle any other url-unfriendly
characters that appear in your book titles ('#' and foreign language
characters come to mind, although you could still escape / url encode

Anyway, just my $0.02

> /./ and /../ are going to be the uncommon case so I'll either ban them
> outright or think of something that only requires them to be escaped
> rather than the whole string which is what base64 does.  Unfortunately
> the obvious use of \ is taken since is the path separator under Windows
> and it gets treated similarly to /.  Something like tilde would work
> although that now makes two special cases for people have to worry about
> (the /../ and tilde).
> Roger
> Version: GnuPG v1.4.6 (GNU/Linux)
> HlEVETadxhw9xITlWrxSys0=
> =jWEQ
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python

More information about the Mod_python mailing list