& (ampersand) HTML code in URL request -- causes 500 server error -- browser problem?

foobert

Joined: 2006-07-14
Posts: 8

Posted: Mon, 2008-11-24 22:09

Observe the following apache access log entry:

Quote:

x.x.x.x - - [23/Nov/2008:18:56:46 -0800] "GET /gal/main.php?g2_view=core.DownloadItem&g2_itemId=11953&g2_serialNumber=56 HTTP/1.1" 500 798 "http://www.foobert.com/gal/main.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18"

Note the 5 character HTML coded ampersand (&) as part of the URL, instead of the single "&" character. This causes G2 to issue 500 server error and the user is getting no pictures. I presume this is a fault of the browser, but, I wonder if there's anyway to accept this URL request and handle it properly. A simple regex substitution (s/\&/\&/g) before processing the request would do the job.

Often, when I see this, it's the result of poorly implemented spammer site suckers, or other malware (my gallery is excluded in robots.txt), however, I do also see it from what looks like legitimate web traffic -- arrived into a different part of the site though a web search and clicked through to the gallery photos embedded there. Thus, I'd sincerely appreciate any help.

Gallery version = 2.2.4 core 1.2.0.6
PHP version = 5.1.6 apache2handler
Webserver = Apache
Database = mysql 5.0.22, lock.system=flock
Toolkits = ArchiveUpload, Exif, NetPBM, ImageMagick
Acceleration = none/2700, none/2700
Operating system = 2.6.18-53.1.19.el5.centos.plus #1 SMP Sat May 10 11:10:58 EDT 2008 i686
Default theme = carbon
gettext = enabled
Locale = en_US
Rows in GalleryAccessMap table = 29
Rows in GalleryAccessSubscriberMap table = 1262
Rows in GalleryUser table = 4
Rows in GalleryItem table = 1261
Rows in GalleryAlbumItem table = 63
Rows in GalleryCacheMap table = 0

suprsidr

Joined: 2005-04-17
Posts: 8339

Posted: Thu, 2010-06-03 10:58

Sounds like a robot reading the underlying html.
When rendered by a real browser the html entities are converted to their text representations as you would expect.

-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2

foobert Joined: 2006-07-14 Posts: 8	Posted: Mon, 2008-11-24 22:09
	Observe the following apache access log entry: Quote: x.x.x.x - - [23/Nov/2008:18:56:46 -0800] "GET /gal/main.php?g2_view=core.DownloadItem&g2_itemId=11953&g2_serialNumber=56 HTTP/1.1" 500 798 "http://www.foobert.com/gal/main.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18" Note the 5 character HTML coded ampersand (&) as part of the URL, instead of the single "&" character. This causes G2 to issue 500 server error and the user is getting no pictures. I presume this is a fault of the browser, but, I wonder if there's anyway to accept this URL request and handle it properly. A simple regex substitution (s/\&/\&/g) before processing the request would do the job. Often, when I see this, it's the result of poorly implemented spammer site suckers, or other malware (my gallery is excluded in robots.txt), however, I do also see it from what looks like legitimate web traffic -- arrived into a different part of the site though a web search and clicked through to the gallery photos embedded there. Thus, I'd sincerely appreciate any help. Gallery version = 2.2.4 core 1.2.0.6 PHP version = 5.1.6 apache2handler Webserver = Apache Database = mysql 5.0.22, lock.system=flock Toolkits = ArchiveUpload, Exif, NetPBM, ImageMagick Acceleration = none/2700, none/2700 Operating system = 2.6.18-53.1.19.el5.centos.plus #1 SMP Sat May 10 11:10:58 EDT 2008 i686 Default theme = carbon gettext = enabled Locale = en_US Rows in GalleryAccessMap table = 29 Rows in GalleryAccessSubscriberMap table = 1262 Rows in GalleryUser table = 4 Rows in GalleryItem table = 1261 Rows in GalleryAlbumItem table = 63 Rows in GalleryCacheMap table = 0
	XUser login Username: * Password: * Create new account Request new password
suprsidr Joined: 2005-04-17 Posts: 8339	Posted: Thu, 2010-06-03 10:58
	Sounds like a robot reading the underlying html. When rendered by a real browser the html entities are converted to their text representations as you would expect. -s FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2

&amp; (ampersand) HTML code in URL request -- causes 500 server error -- browser problem?

XUser login

& (ampersand) HTML code in URL request -- causes 500 server error -- browser problem?