[Mongrel] Bare carriage returns in HTTP headers

Eric Wong normalperson at yhbt.net
Thu Mar 26 14:53:00 EDT 2009

Jonathan Rochkind <rochkind at jhu.edu> wrote:
> My problem was with invalid query strings being sent to me by a vendor,  
> not with problems in the header. So it won't be _exactly_ the same. I'm  
> not sure if an apache rewrite map can change headers or not; it can  
> change path/query string, which is all I needed. But I can show you what  
> I did, in case it gives you ideas. It was a bit of a pain to figure out.

> And here's the simple Perl script that replaced illegal chars in URL  
> path/query string:
> http://umlaut.rubyforge.org/svn/trunk/script/umlaut/rewrite_map.pl

These two those are no longer needed with the SVN version (which
we currently run in production on a pretty heavy site).  I think
it was IE6 sending them and we can't ignore IE6 :<


Unfortunately I don't think it made the 1.1.5 release


I don't think I ever saw Mongrel error out on these.  Is your vendor
really that brain damaged?

But man, this just creeps me out:
  s/ /\+/g;

ps: "tr/ /+/;" should be a tick faster than "s/ /\+/g;" :)

Eric Wong

More information about the Mongrel-users mailing list