httpd translates %xx and generates a false QUERY_STRING for cgi scripts.
Dirk Clemens
develop at cle-mens.de
Fri Sep 2 16:58:40 UTC 2005
Dirk Clemens wrote:
>The httpd translates %xx sequences in the query string into the
>ascii representation. But this is bad, because a cgi program must
>distinguish between '&' and '%26' and other chars with special meanings.
>
>
And here is the patch.
The indicator 'flag_plus_to_space' works well.
--- httpd-old.c 2005-08-17 03:29:10.000000000 +0200
+++ httpd.c 2005-09-02 17:32:50.000000000 +0200
@@ -769,6 +769,12 @@
while (*ptr)
{
if (*ptr == '+' && flag_plus_to_space) { *string++ = ' '; ptr++; }
+ else if (*ptr == '?' && !flag_plus_to_space)
+ {
+ // copy rest of line
+ while ( ( *string++ = *ptr++ ) ) ;
+ break;
+ }
else if (*ptr != '%') *string++ = *ptr++;
else {
unsigned int value;
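Review bot: In the new `else if (*ptr == '?' && !flag_plus_to_space)` branch, the inner loop `while ( ( *string++ = *ptr++ ) ) ;` copies the terminating NUL as well and leaves `string` one byte past it before the `break`. The code after the outer loop is not visible in this hunk, so check that it does not terminate or measure the result through `string`; writing the copy as `while (*ptr) *string++ = *ptr++;` and dropping the `break` would let the outer `while (*ptr)` finish on its own with `string` at the terminator position. The branch also gives `flag_plus_to_space` a second meaning (zero now also selects "leave everything after the first '?' undecoded"), which should be documented at the function or split into its own parameter.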
@@ -1970,9 +1976,6 @@
#endif
#ifndef CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY
const char *s_port;
-#endif
-
-#ifndef CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY
int server;
#endif
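Review bot: The removal of the `#endif` / `#ifndef CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY` pair between `s_port` and `server` is a cleanup unrelated to the query-string decoding change and belongs in a separate patch, so the behavioural fix can be reviewed and reverted by itself. The merge itself looks harmless, since both blocks test the same macro.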
Dirk