nxbdi/jsunpack-n

Malformed Active Mode URL joins cause infinite loop - FIX ATTACHED

Opened this issue · 0 comments

The issue noted was that certain relative URLs were causing there to be an 
infinite loop, where the relative url (i.e. ../scripts/include.js) was being 
appended to the end of the url rather than joining properly to the host portion 
of the base URL.  This is allowed if two things are true:

1) there is an embedded URL as a parameter (i.e. 
www.host.com/page.php?referrer=http://www.referrer.com/ (this is what causes 
the malformed url)
2) a custom error page redirects to a page with the same, or similar type of 
include, rather than to a static html 404 error page (this is what causes the 
loop)

Note: if only condition #1 is true, you won't get stuck in a loop, but you'll 
get a lot of 404s and miss valuable includes

I've attached an example output from the condition with a URL that has both 
issues and causes an infinite loop condition (with a hard stop signal to stop 
it)

FIX:
I've attached a diff file, but essentially I included urljoin from urlparse, 
and used that to combine the URLs in cases other than files which I haven't 
touched or looked into.  

The issue was in the function build_url_from_path, where at regex was used to 
find the serverpath (or base url), just by removing anything after the last '/' 
character in the URL.  The error is that a valid URL may contain a '/' 
character in a parameter after a '?' character in the case of 
www.host.com/test?referrer=http://referrer.com/page.  

Rather than trying to solve all the complexities of URL parsing and joining, I 
fixed it by using the maintained library, which may be a little heavier weight 
than is needed for this fix, but the library would probably be helpful 
elsewhere as well.

Original issue reported on code.google.com by ryanwsm...@gmail.com on 28 Nov 2010 at 9:34

Attachments: