Fix the building of cgi command lines when the query string

contains '='. PR: 13914 Submitted by: Ville Skytt� <ville.skytta@iki.fi> (mod_cgi) Jeff Trawick (mod_cgid) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97601 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2002-11-22 14:45:19 +00:00
parent 42f44aa4b1
commit bd108a8478
3 changed files with 17 additions and 9 deletions
--- a/4
+++ b/4
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.44

+  *) Fix the building of cgi command lines when the query string
+     contains '='.  PR 13914  [Ville Skytt<74> <ville.skytta@iki.fi>,
+     Jeff Trawick]
+
  *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
     as set by apr-util in util_ldap.c. This should allow mod_ldap
     to work with the Netscape/Mozilla LDAP library. [<5B>yvin S<>mme
--- a/modules/generators/mod_cgi.c
+++ b/modules/generators/mod_cgi.c
@@ -514,7 +514,6 @@ static apr_status_t default_build_command(const char **cmd, const char ***argv,

    if (e_info->process_cgi) {
        *cmd = r->filename;
-        args = r->args;
        /* Do not process r->args if they contain an '=' assignment 
         */
        if (r->args && r->args[0] && !ap_strchr_c(r->args, '=')) {
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -204,13 +204,13 @@ typedef struct {
    apr_size_t mod_userdir_user_len;
 } cgid_req_t;

-/* If a request includes query info in the URL (stuff after "?"), and
- * the query info does not contain "=" (indicative of a FORM submission),
- * then this routine is called to create the argument list to be passed
+/* This routine is called to create the argument list to be passed
 * to the CGI script.  When suexec is enabled, the suexec path, user, and
 * group are the first three arguments to be passed; if not, all three
 * must be NULL.  The query info is split into separate arguments, where
 * "+" is the separator between keyword arguments.
+ *
+ * Do not process the args if they containing an '=' assignment.
 */
 static char **create_argv(apr_pool_t *p, char *path, char *user, char *group,
                          char *av0, const char *args)
@@ -220,6 +220,10 @@ static char **create_argv(apr_pool_t *p, char *path, char *user, char *group,
    char *w;
    int idx = 0;

+    if (ap_strchr_c(args, '=')) {
+        numwords = 0;
+    }
+    else {
        /* count the number of keywords */
        
        for (x = 0, numwords = 1; args[x]; x++) {
@@ -227,6 +231,7 @@ static char **create_argv(apr_pool_t *p, char *path, char *user, char *group,
                ++numwords;
            }
        }
+    }

    if (numwords > APACHE_ARG_MAX - 5) {
        numwords = APACHE_ARG_MAX - 5;  /* Truncate args to prevent overrun */