[BusyBox 0000996]: httpd does not decode query strings before passing them to cgi script
bugs at busybox.net
Tue Nov 21 11:13:59 UTC 2006
The following issue requires your FEEDBACK.
======================================================================
http://busybox.net/bugs/view.php?id=996
======================================================================
Reported By: deeptho
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 996
Category: Networking Support
Reproducibility: always
Severity: minor
Priority: normal
Status: feedback
======================================================================
Date Submitted: 08-15-2006 15:37 PDT
Last Modified: 11-21-2006 03:13 PST
======================================================================
Summary: httpd does not decode query strings before passing
them to cgi script
Description:
Versions 1.1.3 and 1.2.1 do not decode query strings before placing
them in the environment of cgi processes.
This behaviour is different from 1.0.0 and is probably a bug.
The following patch solves the problem.
*** /tmp/networking/httpd.c~ 2006-08-11 22:02:39.000000000 +0200
--- /tmp/networking/httpd.c 2006-08-11 22:02:39.000000000 +0200
***************
*** 771,776 ****
--- 771,777 ----
asprintf(&s, "%s%s%s=%s", name_before_underline, underline,
name_after_underline, value);
if(s) {
+ decodeString(s,1);
putenv(s);
}
}
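Review bot: decodeString(s,1) is applied to s, the complete "name=value" string produced by the asprintf above, so the variable name is decoded together with the value, and every variable that passes through this putenv path is affected, not only the query string the report is about. Decode value alone before the asprintf, or decode only at the place where the query string is handed over, so that names and unrelated variables are left untouched. The literal 1 passed as second argument also needs a short comment saying what it selects, since nothing in the hunk explains it.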
======================================================================
----------------------------------------------------------------------
vda - 11-21-06 03:13
----------------------------------------------------------------------
For now I am adding this:
/* TODO: bug 996 says we need to decodeString(config->query)
 * before placing it into env. Is this true? Add example
 * in the comment please... */
setenv1("QUERY_STRING", config->query);
You suggest to decodeString() EVERY environment variable - rationale?
Issue History
Date Modified Username Field Change
======================================================================
08-15-06 15:37 deeptho New Issue
08-15-06 15:37 deeptho Status new => assigned
08-15-06 15:37 deeptho Assigned To => BusyBox
08-15-06 15:38 deeptho Issue Monitored: deeptho
11-21-06 03:13 vda Note Added: 0001750
11-21-06 03:13 vda Status assigned => feedback
======================================================================
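
The question raised in the note above, worked through as an added example (not BusyBox code and not from the bug report): a CGI that splits the query on '&' and '=' sees different parameters depending on whether the server decoded the whole string first. url_decode, cgi_parse and SAMPLE are hypothetical names, and the query is a constructed sample.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SAMPLE "note=fish%26chips&user=guest" /* constructed query, not from the report */

/* Hypothetical decoder, not BusyBox's decodeString(); bad escapes and %00 stay as-is. */
static void url_decode(char *s) {
    char *out = s;
    for (; *s; s++) {
        if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
            char hex[3] = { s[1], s[2], '\0' };
            long v = strtol(hex, NULL, 16);
            if (v != 0) { *out++ = (char)v; s += 2; continue; }
        }
        *out++ = (*s == '+') ? ' ' : *s;
    }
    *out = '\0';
}

/* CGI-side parse: split on '&' and '=', then decode each part; predecode=1 decodes
 * the whole query first, as the server would. Returns pair count, val = value of key. */
static int cgi_parse(const char *q, int predecode, const char *key, char *val, size_t vlen) {
    char buf[256], *next;
    int n = 0;
    val[0] = '\0';
    snprintf(buf, sizeof buf, "%s", q);      /* work on a bounded copy */
    if (predecode) url_decode(buf);
    for (char *p = buf; p; p = next) {
        next = strchr(p, '&');
        if (next) *next++ = '\0';
        if (!*p) continue;                   /* skip empty pairs ("a=1&&b=2") */
        char *eq = strchr(p, '=');
        if (eq) *eq++ = '\0';
        url_decode(p);
        if (eq) url_decode(eq);
        if (eq && strcmp(p, key) == 0) snprintf(val, vlen, "%s", eq);
        n++;
    }
    return n;
}

int main(void) {
    char v[64];
    for (int pre = 0; pre <= 1; pre++) {
        int n = cgi_parse(SAMPLE, pre, "note", v, sizeof v);
        printf("predecode=%d: %d pairs, note=\"%s\"\n", pre, n, v);
    }
    return 0;
}
```

With the raw string the script recovers two parameters and the full value of note; with the pre-decoded string the encoded '&' has become a separator and the value is cut short.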
More information about the busybox-cvs
mailing list