Closed
Bug 120959
Opened 23 years ago
Closed 23 years ago
Use of ".." in address causes links to relative URL's to fail
Categories
(Core :: Networking, defect, P2)
Core
Networking
Tracking
()
RESOLVED
FIXED
mozilla0.9.8
People
(Reporter: mattrope-lists, Assigned: andreas.otte)
Details
(Keywords: helpwanted, regression)
Attachments
(2 files)
|
822 bytes,
patch
|
dougt
:
review+
darin.moz
:
superreview+
|
Details | Diff | Splinter Review |
|
769 bytes,
patch
|
Details | Diff | Splinter Review |
I find that if an address containing ".." is entered in the URL bar, links to
relative URL's on the target page can not be followed properly.
To reproduce:
* Go to http://www.mozillazine.org/build_comments/
* Add ".." to the end of the URL and press ENTER
* hover mouse over one of the "## responses" links on the page and note the URL
that Mozilla displays in status bar (it's missing a couple of characters)
* try to click on the link
I've had the same results trying this on other sites as well.
wfm nc4.78w32
Assignee: asa → darin
Component: Browser-General → Networking: HTTP
QA Contact: doronr → tever
|
||
Comment 2•23 years ago
|
||
Interesting....
Load "http://www.mozillazine.org/build_comments/..". The URL bar says
"http://www.mozillazine.org/" but the base url for the document is
"http://www.mozillazine.or./" Note "." instead of "g".
Confirming, linux build 2002-01-18-08.
|
Assignee | |
Comment 3•23 years ago
|
||
Testing:
urltest http://www.mozillazine.org/build_comments/..
gives this result:
http,,,www.mozillazine.org,-1,,g,,,,,http://www.mozillazine.org/
should be:
http,,,www.mozillazine.org,-1,/,,,,,,http://www.mozillazine.org/
This is not related to CoalesceDirs, checked it, must be somewhere else in the
parser ...
|
|
Assignee | |
Comment 4•23 years ago
|
||
The problem can be found in
nsBaseURLParser::ParseFilePath(const char *filepath, PRInt32 filepathLen,
PRUint32 *directoryPos, PRInt32 *directoryLen,
PRUint32 *basenamePos, PRInt32 *basenameLen,
PRUint32 *extensionPos, PRInt32 *extensionLen)
where we search backwards for a filename, in this case getting .. as filename.
With the old urlparser we did a CoalesceDirs before doing something similar. We
should put that back in ...
|
|
Assignee | |
Comment 5•23 years ago
|
||
raising severity ... should be fixed for 0.9.8
Severity: minor → major
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Target Milestone: --- → mozilla0.9.8
-> Networking, +helpwanted
andreas, do you want to take this?
Assignee: darin → neeti
Component: Networking: HTTP → Networking
Keywords: helpwanted
QA Contact: tever → benc
|
|
Assignee | |
Comment 7•23 years ago
|
||
I will give it a shot, on second thought, I would go for special casing .. and .
not doing a call to CoalesceDirs.
taking ...
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 8•23 years ago
|
||
cc-ing darin, who wrote that stuff, for input on a better idea.
|
|
Assignee | |
Comment 9•23 years ago
|
||
catch /.. and /. when searching for filename
|
|
Assignee | |
Comment 11•23 years ago
|
||
nominating for 0.9.8
|
||
Comment 12•23 years ago
|
||
andreas: your patch looks good to me. sr=darin
|
|
||
Updated•23 years ago
|
Attachment #65909 -
Flags: superreview+
|
|
Assignee | |
Comment 13•23 years ago
|
||
Doug, want to r= this patch?
|
||
Comment 14•23 years ago
|
||
Comment on attachment 65909 [details] [diff] [review]
patch to fix the problem
looks good. Incredible work again.
Attachment #65909 -
Flags: review+
|
|
Assignee | |
Comment 15•23 years ago
|
||
fix checked in
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
||
Comment 16•23 years ago
|
||
Comment on attachment 65909 [details] [diff] [review]
patch to fix the problem
>Index: mozilla/netwerk/base/src/nsURLParsers.cpp
>===================================================================
>RCS file: /cvsroot/mozilla/netwerk/base/src/nsURLParsers.cpp,v
>retrieving revision 1.7
>diff -u -r1.7 nsURLParsers.cpp
>--- mozilla/netwerk/base/src/nsURLParsers.cpp 29 Nov 2001 23:28:34 -0000 1.7
>+++ mozilla/netwerk/base/src/nsURLParsers.cpp 21 Jan 2002 19:39:29 -0000
>@@ -325,6 +325,10 @@
> for (p = end - 1; *p != '/' && p > filepath; --p)
> ;
> if (*p == '/') {
>+ // catch /.. and /.
>+ if ((p+1 < end && *(p+1) == '.') &&
>+ (p+2 == end || (p+2 < end && *(p+2) == '.' && p+3 == end)))
Nit: if (p+1 < end) then (p+2 <= end), so if !(p+2 == end) [which must be true
for the || operator's right operand to be evaluated), then (p+2 < end) -- so
there is no need to test (p+2 < end) in the first clause of the final
conjunction.
>+ p = end - 1;
> // filepath = <directory><filename>.<extension>
> SET_RESULT(directory, 0, p - filepath + 1);
> ParseFileName(p + 1, end - (p + 1),
|
||
Comment 17•23 years ago
|
||
a=asa (on behalf of drivers) for checkin to 0.9.8
Keywords: mozilla0.9.8 → mozilla0.9.8+
|
|
Assignee | |
Comment 18•23 years ago
|
||
Brendan is right, the additional clause is not necessary.
|
|
||
Comment 19•23 years ago
|
||
Andreas, can you check this into the 0.9.8 branch. It looks like it landed on
the trunk after we branched and never made it to the branch. Thanks.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 20•23 years ago
|
||
asa: i'm checking it right now :-)
|
|
||
Comment 21•23 years ago
|
||
fixed on the 0.9.8 branch
andreas: can you please land your be-revision on the trunk? thx!
|
|
Assignee | |
Comment 22•23 years ago
|
||
Sure, I assume I have a r/sr= on this one?
|
|
||
Comment 23•23 years ago
|
||
r/sr=brendan,darin
|
|
Assignee | |
Comment 24•23 years ago
|
||
revised patch checked in
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•