Malformed Active Mode URL joins cause infinite loop - FIX ATTACHED
GoogleCodeExporter commented
The issue noted was that certain relative URLs were causing there to be an
infinite loop, where the relative url (i.e. ../scripts/include.js) was being
appended to the end of the url rather than joining properly to the host portion
of the base URL. This is allowed if two things are true:
1) there is an embedded URL as a parameter (i.e.
www.host.com/page.php?referrer=http://www.referrer.com/) (this is what causes
the malformed url)
2) a custom error page redirects to a page with the same, or similar type of
include, rather than to a static html 404 error page (this is what causes the
loop)
Note: if only condition #1 is true, you won't get stuck in a loop, but you'll
get a lot of 404s and miss valuable includes.
I've attached an example output from the condition with a URL that has both
issues and causes an infinite loop condition (with a hard stop signal to stop
it).
FIX:
I've attached a diff file, but essentially I included urljoin from urlparse,
and used that to combine the URLs in cases other than files which I haven't
touched or looked into.
The issue was in the function build_url_from_path, where a regex was used to
find the serverpath (or base url), just by removing anything after the last '/'
character in the URL. The error is that a valid URL may contain a '/'
character in a parameter after a '?' character in the case of
www.host.com/test?referrer=http://referrer.com/page.
Rather than trying to solve all the complexities of URL parsing and joining, I
fixed it by using the maintained library, which may be a little heavier weight
than is needed for this fix, but the library would probably be helpful
elsewhere as well.
Original issue reported on code.google.com by ryanwsm...@gmail.com
on 28 Nov 2010 at 9:34
Attachments:
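
The difference between the two joining strategies described in the report, as an added example that is not the project's code or the attached diff. `naive_join` and `crawl` are hypothetical names, the URLs are constructed from the ones in the report, and condition 2 is modelled by assuming every fetched URL references the same relative include again.

```python
from urllib.parse import urljoin  # Python 3 location of urlparse.urljoin

# Constructed sample input modelled on the URLs in the report.
BASE = "http://www.host.com/page.php?referrer=http://www.referrer.com/"
INCLUDE = "../scripts/include.js"


def naive_join(base, relative):
    """Hypothetical reconstruction of the described bug: the server path is
    taken to be everything up to the last '/', even when that '/' sits in
    the query string."""
    server_path = base.rsplit("/", 1)[0] + "/"
    return server_path + relative


def crawl(join, start, relative, limit=25):
    """Follow the same relative include from each resolved URL.

    Assumption standing in for condition 2: every fetched URL (including the
    custom error page) references `relative` again. Returns the URLs visited
    and whether the walk ended because a URL repeated.
    """
    seen, url = [], start
    while len(seen) < limit:
        if url in seen:
            return seen, True       # visited-set check caught it: crawl ends
        seen.append(url)
        url = join(url, relative)
    return seen, False              # only the hard limit stopped it


if __name__ == "__main__":
    for join in (naive_join, urljoin):
        visited, terminated = crawl(join, BASE, INCLUDE)
        print(f"{join.__name__}: {len(visited)} URLs, terminated={terminated}")
        for u in visited[:3]:
            print("   ", u)
```

With the naive join every resolved URL is longer than the last, so a visited-URL set never sees a repeat; with `urljoin` the include resolves to one stable URL and the walk stops on the second visit.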