 Relationships |
|
| Anonymous | Login | Signup for a new account | 11-10-2008 11:05 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0000996 | [BusyBox] Networking Support | minor | always | 08-15-06 15:37 | 11-29-06 06:42 | ||||
| Reporter | deeptho | View Status | public | ||||||
| Assigned To | BusyBox | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | 1.2.x | ||||||
| Summary | 0000996: httpd does not decode query strings before passing them to cgi script | ||||||||
| Description |
version 1.1.3 and 1.2.1 do not decode query strings before placing them in the environment of cgi processes. This behaviour is different from 1.0.0 and is probably a bug. The following patch solves the problem. *** /tmp/networking/httpd.c~ 2006-08-11 22:02:39.000000000 +0200 --- /tmp/networking/httpd.c 2006-08-11 22:02:39.000000000 +0200 *************** *** 771,776 **** --- 771,777 ---- asprintf(&s, "%s%s%s=%s", name_before_underline, underline, name_after_underline, value); if(s) { + decodeString(s,1); putenv(s); } } |
||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
|
Relationships |
|
|
Notes |
|
|
(0001750) vda 11-21-06 03:13 |
For now I am adding this: /* TODO: bug 996 says we need to decodeString(config->query) * before placing it into env. Is this true? Add example * in the comment please... */ setenv1("QUERY_STRING", config->query); You suggest to decodeString() EVERY environment variable - rationale? |
|
(0001763) deeptho 11-21-06 11:36 |
It was not my intention that every env-var should be decoded (only QUERY_STRING, but that is indeed what the patch does. I have just found the cgi-specification at http://hoohoo.ncsa.uiuc.edu/cgi/env.html [^] and after reading this. I think my patch should not be used, since the specificatgion states that QUERY_STRING should not be decoded. This does mean a difference in behaviour between 1.1.3 and 1.2.1. I filed the patch because of an application program that was broken dues to this change. The conclusion is that that program (geckow webinterface for a satellite receiver) relied on the erroneous behaviour of 1.1.3. |
|
(0001834) vda 11-29-06 06:42 |
"Fixed" it by adding a comment with URL to document which explains that our bahaviour is right. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 08-15-06 15:37 | deeptho | New Issue | |
| 08-15-06 15:37 | deeptho | Status | new => assigned |
| 08-15-06 15:37 | deeptho | Assigned To | => BusyBox |
| 08-15-06 15:38 | deeptho | Issue Monitored: deeptho | |
| 11-21-06 03:13 | vda | Note Added: 0001750 | |
| 11-21-06 03:13 | vda | Status | assigned => feedback |
| 11-21-06 11:36 | deeptho | Note Added: 0001763 | |
| 11-29-06 06:42 | vda | Status | feedback => closed |
| 11-29-06 06:42 | vda | Note Added: 0001834 | |
| 11-29-06 06:42 | vda | Resolution | open => fixed |
| 11-29-06 06:42 | vda | Fixed in Version | => 1.2.x |
| Copyright © 2000 - 2006 Mantis Group |  |
