Opened 10 years ago

Closed 10 years ago

#2318 closed defect (fixed)

http://www.openstreetmap.org/ completely fails on legal Accept-Language header

Reported by: Hans Ulrich Niedermann
Owned by: Tom Hughes
Priority: minor
Milestone:
Component: website
Version:
Keywords: accept-language
Cc:

Description

When given an HTTP request with an HTTP header like

Accept-Language: en-us,en;q=0.9,de-de;q=0.8,de;q=0.7,fr-fr;q=0.6,fr;q=0.4,es-es;q=0.3,es;q=0.2,*;q=0.1

the server behind http://www.openstreetmap.org/ just replies with an HTTP 500 error.

The above Accept-Language header is legal according to the definitions of RFC 2616, as I read it:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4

The following header does not trigger the issue:

Accept-Language: en-us,en;q=0.9,de-de;q=0.8,de;q=0.7,fr-fr;q=0.6,fr;q=0.4,es-es;q=0.3,es;q=0.2

You can test different Accept-Language headers e.g. by using Firefox: Enter "about:config", and change the setting for "intl.accept_language" from something like "en-us, en, de-de, de, fr-fr, fr, es-es, es" to "en-us, en, de-de, de, fr-fr, fr, es-es, es, *".

Change History (1)

comment:1 Changed 10 years ago by tomhughes

Resolution: fixed
Status: new → closed

(In [17811]) Escape language codes before matching them in case they contain characters with special meaning in a regexp. Closes #2318.
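
The failure mode and the escaping fix named in comment:1, shown as an added example that is not the openstreetmap.org code. The locale list, the pattern shape and the function names `language_ranges`, `pick` and `outcome` are assumptions made for illustration; only the two header values come from the ticket.

```ruby
# Added example: a hypothetical locale picker, not the openstreetmap.org code.
AVAILABLE = %w[en de fr es].freeze # constructed list of site locales

# Header values quoted in the ticket: the first fails, the second does not.
WITH_STAR = "en-us,en;q=0.9,de-de;q=0.8,de;q=0.7,fr-fr;q=0.6,fr;q=0.4," \
            "es-es;q=0.3,es;q=0.2,*;q=0.1"
WITHOUT_STAR = WITH_STAR.sub(",*;q=0.1", "")

# Split an Accept-Language value into language ranges, highest q first.
def language_ranges(header)
  items = header.split(",").map(&:strip).reject(&:empty?)
  ranked = items.each_with_index.map do |item, idx|
    range, *params = item.split(";").map(&:strip)
    q = params.find { |p| p.start_with?("q=") }
    [range.to_s, q ? q.delete_prefix("q=").to_f : 1.0, idx]
  end
  ranked.sort_by { |_, q, idx| [-q, idx] }.map(&:first)
end

# Build one pattern per range, then return the first available locale that
# matches. With escape: false the client-controlled text becomes regexp syntax,
# so "*" is a repeat operator with nothing to repeat and Regexp.new raises.
def pick(header, escape:)
  patterns = language_ranges(header).map do |range|
    source = escape ? Regexp.escape(range) : range
    Regexp.new("\\A(?:#{source})(?:-|\\z)", Regexp::IGNORECASE)
  end
  patterns.each do |pattern|
    hit = AVAILABLE.find { |locale| locale.match?(pattern) }
    return hit if hit
  end
  nil # caller falls back to the site default; an escaped "*" matches nothing
end

# What a caller sees for a header in each mode: the chosen locale or the error.
def outcome(header, escape:)
  pick(header, escape: escape).inspect
rescue RegexpError => e
  e.class.name
end

puts "unescaped: #{outcome(WITH_STAR, escape: false)}"
puts "escaped:   #{outcome(WITH_STAR, escape: true)}"
```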
