From mboxrd@z Thu Jan 1 00:00:00 1970 Delivered-To: chneukirchen@gmail.com Received: by 10.142.191.1 with SMTP id o1cs355363wff; Mon, 30 Nov 2009 08:27:16 -0800 (PST) Received: from mr.google.com ([10.90.142.5]) by 10.90.142.5 with SMTP id p5mr6155470agd.4.1259598435387 (num_hops = 1); Mon, 30 Nov 2009 08:27:15 -0800 (PST) Received: by 10.90.142.5 with SMTP id p5mr691314agd.4.1259598433989; Mon, 30 Nov 2009 08:27:13 -0800 (PST) X-BeenThere: rack-devel@googlegroups.com Received: by 10.213.77.68 with SMTP id f4ls2286605ebk.2.p; Mon, 30 Nov 2009 08:27:12 -0800 (PST) Received: by 10.213.71.130 with SMTP id h2mr198708ebj.19.1259598432107; Mon, 30 Nov 2009 08:27:12 -0800 (PST) Received: by 10.213.71.130 with SMTP id h2mr198707ebj.19.1259598432016; Mon, 30 Nov 2009 08:27:12 -0800 (PST) Return-Path: Received: from mail-ew0-f228.google.com (mail-ew0-f228.google.com [209.85.219.228]) by gmr-mx.google.com with ESMTP id 18si420125ewy.12.2009.11.30.08.27.11; Mon, 30 Nov 2009 08:27:11 -0800 (PST) Received-SPF: neutral (google.com: 209.85.219.228 is neither permitted nor denied by best guess record for domain of ibc@aliax.net) client-ip=209.85.219.228; Received: by ewy28 with SMTP id 28so4470108ewy.17 for ; Mon, 30 Nov 2009 08:27:11 -0800 (PST) Received: by 10.213.24.24 with SMTP id t24mr5037713ebb.90.1259598431713; Mon, 30 Nov 2009 08:27:11 -0800 (PST) Return-Path: Received: from ibc-laptop.localnet ([212.230.46.89]) by mx.google.com with ESMTPS id 10sm6872935eyz.31.2009.11.30.08.27.09 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 30 Nov 2009 08:27:09 -0800 (PST) From: =?utf-8?q?I=C3=B1aki_Baz_Castillo?= To: Rack Development Subject: Re: Does Rack SPEC states that PATH_INFO must be cut after ";" (semicolon)? Date: Mon, 30 Nov 2009 17:27:06 +0100 User-Agent: KMail/1.12.2 (Linux/2.6.28-16-generic; KDE/4.3.2; x86_64; ; ) References: <200911241922.13218.ibc@aliax.net> In-Reply-To: <200911241922.13218.ibc@aliax.net> MIME-Version: 1.0 Message-Id: <200911301727.06897.ibc@aliax.net> X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 209.85.219.228 is neither permitted nor denied by best guess record for domain of ibc@aliax.net) smtp.mail=ibc@aliax.net Reply-To: rack-devel@googlegroups.com Precedence: list Mailing-list: list rack-devel@googlegroups.com; contact rack-devel+owners@googlegroups.com List-ID: List-Post: , List-Help: , List-Archive: X-Thread-Url: http://groups.google.com/group/rack-devel/t/f48d0f995357a3de X-Message-Url: http://groups.google.com/group/rack-devel/msg/3966fba469477f3 List-Unsubscribe: , List-Subscribe: , Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, could I get some reply to this mail please? I strongly think it could b= e a=20 bug in Rack so I can't understand why it is ignored. In fact, I've re-checked HTTP and URI BNF grammar and the semicolon ";" is = an=20 allowed character into the URI path sections. Regards. El Martes, 24 de Noviembre de 2009, I=C3=B1aki Baz Castillo escribi=C3=B3: > Hi, I've reported an issue for Thin HTTP server since it cuts PATH_INFO > after finding a ";": >=20 > http://github.com/macournoyer/thin/issues/closed/#issue/6 >=20 > --------------------------- > If Thin receives a request with request line: >=20 > GET /level1/level2;user=3Dalice/level3/doc.txt HTTP/1.1 >=20 > then Thin cuts the URI path and leaves: > env{"PATH_INFO"} =3D> "/level1/level2" >=20 > Why? I've looked for such behavior in RFC 3986 and RFC 2616 but I don't > find a reason to remove all the path content after ";". > --------------------------- >=20 >=20 > A Thin developer closed the bug with the argument: >=20 > ---------------------------- > the env object is constructed according to Rack specs: > http://rack.rubyforge.org/doc/SPEC.html > If you want the full URI look into env["REQUEST_URI"] > ---------------------------- >=20 >=20 > However I don't find in the SPEC where the PATH_INFO must be cut before t= he > first semicolon char. >=20 > I expect that is not correct at all since if ";" appears in the PATH (I > mean before the query) then it's a valid char for the PATH. >=20 > In fact this issue is breaking my application since Rack receives requests > containing ";" in the path like: >=20 > GET /app/user%25b@id=3D%22ibc@domain.org;nat=3Dyes%22%2d >=20 > which after hex-unescaping becomes: >=20 > GET /app/user[@id=3D"ibc@domain.org;nat=3Dyes"] >=20 > Thin (and Mongrel) creates PATH_INFO as follows: >=20 > /app/user%25b@id=3D%22ibc@domain.org >=20 >=20 > A workaround is forcing the client to escape the semicolon, but this > violates the application specs as ";" is not required to be encoded in t= he > HTTP uri (it could be encoded or not, but it's not required). >=20 >=20 > IMHO it's a bug in Rack SPEC (even if I don't find that point) or in > Thin/Mongrel implementation. >=20 > Thanks a lot for any comment. >=20 =2D-=20 I=C3=B1aki Baz Castillo