how to match a loop

Oh, the strange things mod_rewrite does!

how to match a loop

Postby forearrow » Sun Mar 02, 2008 8:43 pm

I'll need a rewrite rule that skips all the "/..", for example,

http://localhost/coshlive/Portal?html=/ ... ml&more__=

to

http://localhost/coshlive/Portal?html=/ ... ml&more__=

richardk, my old friend, could you help me?
forearrow
 
Posts: 11
Joined: Fri Apr 27, 2007 10:37 pm

Postby richardk » Mon Mar 03, 2008 3:51 pm

You should validate the variable in your code and deny access if it contains ../.

As an added security measure you can use this as well
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{QUERY_STRING} ^(.*&)?html=[^&]*\.\./ [NC]
RewriteRule ^coshlive/portal$ - [NC,F,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby forearrow » Tue Mar 04, 2008 12:52 am

thank you very much

I found this way:

RewriteCond %{QUERY_STRING} ^(.+?)(/\.\.)+(.*)$
RewriteRule ^(.+)$ $1?%1%3

but I think your code is always very powerfull and precise
forearrow
 
Posts: 11
Joined: Fri Apr 27, 2007 10:37 pm


Return to Idiosyncrasies

Who is online

Users browsing this forum: No registered users and 18 guests

cron