amagama icon indicating copy to clipboard operation
amagama copied to clipboard

Published 20 hours ago verified publisher icon translate

URL-escaped forward slashes won't work on Apache unless AllowEncodedSlashes option is enabled

Open iafan opened this issue 13 years ago • 5 comments

If you take the string like http://foo/ and construct the URL to pass to the server, e.g.:

http://amagama/en/ar/unit/http%3A%2F%2Ffoo%2F?jsoncallback=bar"

Apache would reject such URL immediately unless you have the AllowEncodedSlashes On directive in Apache's config (which is Off by default).

The safer way is to use URL parameters directly, i.e.:

http://amagama/&src=en&dst=ar&text=http%3A%2F%2Ffoo%2F?jsoncallback=bar

Another related problem is that with long strings you can potentially hit the length of the URL. An option to consider would be to pass the md5hex() function of the string, not the string itself. This way you can safely go with either URL syntax:

http://amagama/en/ar/hash/5e1e40892e421b81e47fb397251dfbc3?jsoncallback=bar

or

http://amagama/&src=en&dst=ar&hash=5e1e40892e421b81e47fb397251dfbc3?jsoncallback=bar

iafan avatar Nov 12 '10 04:11 iafan

Also, when text contains a newline character (encoded as %0A), Apache will always give "404 not found" error.

iafan avatar Sep 20 '11 17:09 iafan

As discussed on IRC, these URLs both work already: http://amagama.locamotion.org/tmserver/en/ru/unit/File?jsoncallback=foo http://amagama.locamotion.org/tmserver/en/ru/unit/?source=File&jsoncallback=foo

This uses the GET variables as suggested originally, but just for the source text. The hashes won't work unless we already know about all strings that might be queried beforehand.

We should look at adapting the javascript in Pootle/html/js/editor.js and in Virtaal.

friedelwolff avatar Sep 20 '11 19:09 friedelwolff

I committed the changes to Pootle Javascript to use the latter URL scheme: http://amagama.locamotion.org/tmserver/en/ru/unit/?source=File&jsoncallback=foo

(there's a potential URL length issue still to be addressed, but this is a lower priority, I think)

iafan avatar Sep 20 '11 19:09 iafan

Thanks for that. The URL limitation isn't all that bad. The current amagama database only has a few strings that are more than 3000 characters, and I think only IE before version 8 had a limitation in that region. Were you able to confirm that the issue with newlines are fixed with the new URL?

friedelwolff avatar Sep 20 '11 21:09 friedelwolff

Can someone confirm if this is still a issue?

julen avatar Sep 18 '12 23:09 julen