leohns / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0
0 stars 0 forks source link

error handle bad coded GET in html #91

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I find that when come up with link like this "/xxx.php?a=&b=&" ('&' ends the 
url) and tokenize_path will add a name=NULL and value="" pair to the request so 
the server complains, and this request get nothing.

I add a line of code: 

if (next_eq==next_seg && next_eq==1) break;

before 

if (next_eq < next_seg) {
      name  = url_decode_token(cur + 1, next_eq - 1, 1);
      value = url_decode_token(cur + next_eq + 1, next_seg - next_eq - 1, 1);
    } else {
      value = url_decode_token(cur + 1, next_seg - 1, 1);
    }

to skip the last '&' and yield normal response, is it a bug?

Original issue reported on code.google.com by idc...@gmail.com on 28 Sep 2010 at 10:13

GoogleCodeExporter commented 8 years ago
I'm not sure I understand?

When presented with a ?foo=bar&baz=frob& in the URL, I see skipfish requesting 
the resource properly:

  http://localhost/?foo=bar&baz=frob& 

Are you seeing something different? What's the expected outcome?

Original comment by lcam...@gmail.com on 28 Sep 2010 at 5:18

GoogleCodeExporter commented 8 years ago
I tried reproducing this by embedding the following link: /skip/aa.html?a=&b=&
The skipfish HTTP requests in the Apache log look correct to me:

/skip/aa.html?a=9876sfi&b=& 
...
...

/skip/aa.html?a=&b=9876sfi&
...
...

Perhaps idccmx's problem is related to the request I found in my log (noted 
below) where skipfish performs parameter value tests straight behind the last 
'&'.  I can imagine that parameter handling of some PHP scripts will complain 
about this (e.g. unknown parameter, or no value set.. etc) 

/skip/aa.html?a=&b=&9876sfi

Niels

Original comment by niels0...@gmail.com on 28 Sep 2010 at 7:50

GoogleCodeExporter commented 8 years ago
ok, my fault.

by the way there is another question:
when come up with link like "xxx/login?referer=/home&id=00"
skipfish parsed then serialized to "xxx/login?referer=%2Fhome&id=00" so the 
server responsed a fail notice, but my firefox sented 
"xxx/login?referer=/home&id=00" in request header, so logged in successfully.

is it a question?

Original comment by idc...@gmail.com on 29 Sep 2010 at 6:34

GoogleCodeExporter commented 8 years ago
I'd argue that application is not behaving very reasonably, but this can be 
improved. I have a fix and it will be included in the next release.

Original comment by lcam...@gmail.com on 29 Sep 2010 at 6:56

GoogleCodeExporter commented 8 years ago
thx :)

Original comment by idc...@gmail.com on 29 Sep 2010 at 6:59