« previous: Find, For-loops, and Spaces in BASH | next: Disabling Plugins in Firefox »

Regex Bug in Apache's mod_include (SSI)

# Filed on Jul 14, 2006 by Anthony reply

Apache’s Server-Side Includes (SSI) feature, provided by mod_include, is a fantastic tool.  Not only does it let you pull content from other files (to include a standard header & footer across an entire site, for example), but it lets you use regular expressions to control flow and determine output.

Today I got bit by a nasty bug in Apache’s regex implementation, though.  In standard regular expression syntax, if you wanted to match this:

foo.shtml?1-5

...then you would need to escape the question-mark in your regex, like this:

/foo.shtml\?1-5/

However, that does not match in Apache’s SSI expr tests.

I spent a couple hours debugging the problem, trying different combinations of query-string, no query-string, trailing dollar-sign, escaped trailing dollar-sign, all to no avail.  I wrote up a test page that showed some base cases with an output of "matches" or "does not match" and it almost seemed that somehow the $REQUEST_URI didn’t actually include the $QUERY_STRING (even though echoing it did show the QS).

I only discovered the solution as I was preparing to file a bug in Apache’s bugzilla.  Someone else had had a related problem and in the course of discussing it, an Apache developer revealed that all backslashes must be escaped within regex portions of expr statements.  So instead of this:

<!--#if expr="$REQUEST_URI = /foo.shtml\?1-5/" -->

...you need to use this:

<!--#if expr="$REQUEST_URI = /foo.shtml\\?1-5/" -->

Now that’s buggy and ridiculous, but that in itself isn’t a huge deal.  What is a huge deal, though, is that nowhere in the mod_include documentation is this glaring flaw ever mentioned.

Reply to this message here:

Your name
Email (why?)
Website (if you have one)
Subject
search posts:

home | archives ]

Shopping Cart

Your cart is empty.

Client Quotes

I just installed the demo of your product and got it up and running in no time.  I searched high and low for a decent login script and thank God I found yours.
– Adrian F.
I spent ages trying to find a way of making my own log in page for my website - if you're thinking of doing that forget it - don't waste your time!  UserBase is a 1st class product at a very reasonable price.  The software works faultlessly and can be adapted to any situation.  The service that I have received from Encodable is terrific!  I am very very impressed.  Nothing was too much trouble and I am most grateful to Anthony DiSante in particular for all his help and patience.
– Paul S.
Worked like a charm... man, this piece of software is a dream and I really appreciate all your customer service help getting this taken care of.
– Kyle M.
I just want to say you guys really stand alone in that you have a quality product and you provide genuine customer service.  It's sad but those qualities are seldom found separately, much less together.  Thanks again for your time and help.
– Alex S.
Also, I wanted to tell you that I was very skeptical about buying this script.  I've spent a lot of time and money over the past 3 months trying to find a solution that works, but I ended up having problems with so many of the scripts I tried that I was almost to the point of giving up.  But then I came across your script, and it actually does what it's supposed to.  An absolute wow.  A very impressive and powerful script indeed!  Many, many thanks!
– Mike E.
I can't thank you enough, I was up against a deadline that required me to get this up and running in 48 hours and you have probably the best customer service I've ever seen.
– Dan T.
Your scripts/software are the greatest, I mean I really love how customizable they are, how intuitive they are, and so on.  Thanks again, I love this stuff!
– Tucker O.
We searched for a long time for an application to password protect directories and allow file uploads.  Userbase & Filechucker are far superior to anything out there.  Simple yet powerful programming, extremely flexible in configuration, and great customer service.  Thanks for a superb product.
– Kat G.
Thank you VERY much for all of your help.  You've really impressed me.  We have support agreements for other software that costs thousands of dollars / year (just for the support), and most of them aren't as helpful as you have been.
– Keith Y.
There are a lot of these scripts out there, but I think they all pale in comparison to yours.
– Peter W.
The software has some great features, is well presented, runs where others are problematic and will make a good impression on our clients.  We look forward to reaping its benefits!
– Alex H.