Don’t know if found by someone else, but I find this bug today in
autoindex module.
Basically, the file/dirname is not escaped properly.
To reproduce:
–
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
On Tue, Dec 29, 2009 at 5:20 PM, Edho P Arief [email protected]
wrote:
Don’t know if found by someone else, but I find this bug today in
autoindex module.Basically, the file/dirname is not escaped properly.
To reproduce:
- enable autoindex in a directory
- create file with name “something” in the directory
- view the (broken) directory list in web
it should use ngx_escape_html - I’ve tried modifying it but I don’t
know enough C to correctly fix it.
–
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
On Tue, Dec 29, 2009 at 5:20 AM, Edho P Arief [email protected]
wrote:
–
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
nginx mailing list
[email protected]
nginx Info Page
I wonder if this is related to a bug in which the autoindex module
occasionally truncates non-ASCII filenames.
Examples of the bug can be found at http://thegodlikehobo.org/tmp/
Each file contains its own name. The 4th (e$B’3’a’Z’c’'Ze(B), 7th
(e$B%F%9%He(B), and 8th
(e$B%U%m%j%@e(B) files from the top have had their name truncated, but
the link
is correct.
-Ross
Hello!
On Thu, Dec 31, 2009 at 12:45:18AM +0700, Edho P Arief wrote:
it should use ngx_escape_html - I’ve tried modifying it but I don’t
know enough C to correctly fix it.
I’m currently looking in it, stay tuned.
Maxim D.
Hello!
On Wed, Dec 30, 2009 at 01:16:42PM -0500, Ross wrote:
occasionally truncates non-ASCII filenames.
Examples of the bug can be found at http://thegodlikehobo.org/tmp/
Each file contains its own name. The 4th (СпиÑки), 7th (テスト), and 8th
(フãƒãƒªãƒ€) files from the top have had their name truncated, but the link
is correct.
No, it’s unrelated problem. I’m able to reproduce it here, I’ll
take a look.
Maxim D.
Hello!
On Thu, Dec 31, 2009 at 02:05:04AM +0300, Maxim D. wrote:
On Wed, Dec 30, 2009 at 01:16:42PM -0500, Ross wrote:
[…]
I wonder if this is related to a bug in which the autoindex module
occasionally truncates non-ASCII filenames.Examples of the bug can be found at http://thegodlikehobo.org/tmp/
Each file contains its own name. The 4th (СпиÑки), 7th (テスト), and 8th
(フãƒãƒªãƒ€) files from the top have had their name truncated, but the link
is correct.No, it’s unrelated problem. I’m able to reproduce it here, I’ll
take a look.
Patch.
Maxim D.
Hello!
On Thu, Dec 31, 2009 at 01:55:31AM +0300, Maxim D. wrote:
To reproduce:
- enable autoindex in a directory
- create file with name “something” in the directory
- view the (broken) directory list in web
it should use ngx_escape_html - I’ve tried modifying it but I don’t
know enough C to correctly fix it.I’m currently looking in it, stay tuned.
Patch.
Maxim D.
On Thu, Dec 31, 2009 at 9:16 AM, Maxim D. [email protected]
wrote:
Maxim D.
nginx mailing list
[email protected]
nginx Info Page
Thank you, the patch works great with 0.7.64!
However, now I notice a different issue with the autoindex. At the
same location (http://thegodlikehobo.org/tmp/) the date and size
columns of the English and Russian filenames are aligned, but the
Japanese ones seem to be random. I see the misalignment in Firefox,
Chrome, and Opera.
-Ross
Hello!
On Thu, Dec 31, 2009 at 09:51:31AM -0500, Ross wrote:
occasionally truncates non-ASCII filenames.
Thank you, the patch works great with 0.7.64!
However, now I notice a different issue with the autoindex. At the
same location (http://thegodlikehobo.org/tmp/) the date and size
columns of the English and Russian filenames are aligned, but the
Japanese ones seem to be random. I see the misalignment in Firefox,
Chrome, and Opera.
nginx uses fixed-width font in autoindex, and this is
fullwidth/halfwidth problem I’m not really want to dig into. And,
given the fact that different browsers misalign the above page
differently, it won’t help anyway.
I believe instead autoindex should be reworked to be able to
produce XML and hence allow any layout via XSLT. This will
resolve the above issue by providing means to use layouts with
proportional fonts.
Maxim D.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs