www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Fix the building of cgi command lines when the query string

Browse Source 
contains '='.

PR:              13914
Submitted by:	 Ville Skytt� <ville.skytta@iki.fi> (mod_cgi)
                 Jeff Trawick (mod_cgid)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97601 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jeff Trawick
2002-11-22 14:45:19 +00:00
parent 42f44aa4b1
commit bd108a8478
3 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -1,5 +1,9 @@
Changes with Apache 2.0.44 Changes with Apache 2.0.44
*) Fix the building of cgi command lines when the query string
contains '='. PR 13914 [Ville Skytt<74> <ville.skytta@iki.fi>,
Jeff Trawick]
*) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
as set by apr-util in util_ldap.c. This should allow mod_ldap as set by apr-util in util_ldap.c. This should allow mod_ldap
to work with the Netscape/Mozilla LDAP library. [<5B>yvin S<>mme to work with the Netscape/Mozilla LDAP library. [<5B>yvin S<>mme

1
modules/generators/mod_cgi.c
View File

@@ -514,7 +514,6 @@ static apr_status_t default_build_command(const char **cmd, const char ***argv,
if (e_info->process_cgi) { if (e_info->process_cgi) {
*cmd = r->filename; *cmd = r->filename;
args = r->args;
/* Do not process r->args if they contain an '=' assignment /* Do not process r->args if they contain an '=' assignment
*/ */
if (r->args && r->args[0] && !ap_strchr_c(r->args, '=')) { if (r->args && r->args[0] && !ap_strchr_c(r->args, '=')) {

11
modules/generators/mod_cgid.c
View File

@@ -204,13 +204,13 @@ typedef struct {
apr_size_t mod_userdir_user_len; apr_size_t mod_userdir_user_len;
} cgid_req_t; } cgid_req_t;
/* If a request includes query info in the URL (stuff after "?"), and /* This routine is called to create the argument list to be passed
* the query info does not contain "=" (indicative of a FORM submission),
* then this routine is called to create the argument list to be passed
* to the CGI script. When suexec is enabled, the suexec path, user, and * to the CGI script. When suexec is enabled, the suexec path, user, and
* group are the first three arguments to be passed; if not, all three * group are the first three arguments to be passed; if not, all three
* must be NULL. The query info is split into separate arguments, where * must be NULL. The query info is split into separate arguments, where
* "+" is the separator between keyword arguments. * "+" is the separator between keyword arguments.
*
* Do not process the args if they containing an '=' assignment.
*/ */
static char **create_argv(apr_pool_t *p, char *path, char *user, char *group, static char **create_argv(apr_pool_t *p, char *path, char *user, char *group,
char *av0, const char *args) char *av0, const char *args)
@@ -220,6 +220,10 @@ static char **create_argv(apr_pool_t *p, char *path, char *user, char *group,
char *w; char *w;
int idx = 0; int idx = 0;
if (ap_strchr_c(args, '=')) {
numwords = 0;
}
else {
/* count the number of keywords */ /* count the number of keywords */
for (x = 0, numwords = 1; args[x]; x++) { for (x = 0, numwords = 1; args[x]; x++) {
@@ -227,6 +231,7 @@ static char **create_argv(apr_pool_t *p, char *path, char *user, char *group,
++numwords; ++numwords;
} }
} }
}
if (numwords > APACHE_ARG_MAX - 5) { if (numwords > APACHE_ARG_MAX - 5) {
numwords = APACHE_ARG_MAX - 5; /* Truncate args to prevent overrun */ numwords = APACHE_ARG_MAX - 5; /* Truncate args to prevent overrun */