Posted to users@httpd.apache.org by Keva-Slient <35...@qq.com> on 2018/01/04 03:21:31 UTC

[users@httpd] how to get post data when using shell script as cgi script.

I use set in the script to print all environment variables.
There is no variable named "QUERY_STRING_POST".

How to get POST data using a shell script is found on this webpage:

http://www.team2053.org/docs/bashcgi/postdata.html

apache version:
Server version: Apache/2.4.10 (Debian)
Server built:   Sep 20 2017 04:37:43



------------------
.........
 Vanity...My favourite sin.
     --<<The Devil's Advocate>>

Re: [users@httpd] Re: [users@httpd] how to get post data when using shell script as cgi script.

Posted by Kurtis Rader <kr...@skepticism.us>.
On Wed, Jan 3, 2018 at 11:14 PM, Keva-Slient <35...@qq.com> wrote:

> thank you very much. in my work, i just need implementing an url
> interface.  in the beginning, the interface accept one parameter with only
> one value in url. but now, we want to put more than one value into that
> parameter. as the length of url is limited, i'm trying to transport that
> parameter with multiple values within http body.
>
> in my simple scene, using shell script is acceptable.
> do you know how to get http request body from shell script?
>

Using a shell script to handle a HTTP request is not acceptable from a
security standpoint. Let alone with respect to implementing a robust
solution that will work correctly when invoked with arbitrary input. Do not
try to write a robust HTTP request handler using a sh/bash/zsh/ksh script.
It cannot be done as a practical matter. Yes, it can be done theoretically
but that isn't realistic in any real world situation.

The HTTP POST data is available on the stdin stream of your shell script.
See
https://www.unix.com/shell-programming-and-scripting/232805-parsing-http-post-request.html
for one of many questions about how to deal with HTTP POST requests in
shell scripts.

I say again: Do not do this! Even if your HTTP POST API is only visible
within your organization (rather than visible publicly on the Internet)
this is a really bad idea. You need to use a language like Python which has
robust handling of HTTP requests when invoked via the CGI protocol.

-- 
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
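
The approach described in the message above (the POST body arrives on stdin, handled in Python rather than in a shell), as an added example that is not part of the original thread: it reads exactly CONTENT_LENGTH bytes and returns every value of a repeated parameter. The `id` parameter name, the 64 KiB cap and the 100-field limit are assumptions.

```python
import os
import sys
from urllib.parse import parse_qs

MAX_BODY = 64 * 1024  # assumed cap for this example

class BadRequest(Exception):
    """Raised before any parameter value is used."""

def read_post_params(environ, stream, max_body=MAX_BODY):
    """Return {name: [value, ...]} from a urlencoded CGI POST body."""
    if environ.get("REQUEST_METHOD") != "POST":
        raise BadRequest("POST required")
    ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        raise BadRequest("unsupported content type")
    raw_len = environ.get("CONTENT_LENGTH", "")
    if not (raw_len.isascii() and raw_len.isdigit()):
        raise BadRequest("missing or invalid CONTENT_LENGTH")
    length = int(raw_len)
    if length > max_body:
        raise BadRequest("body too large")
    # Read exactly CONTENT_LENGTH bytes; CGI does not promise EOF on stdin.
    body = stream.read(length)
    if len(body) != length:
        raise BadRequest("truncated body")
    try:
        # Repeated names ("id=1&id=2") become one list per parameter.
        return parse_qs(body.decode("ascii"), keep_blank_values=True,
                        strict_parsing=True, errors="strict",
                        max_num_fields=100)
    except ValueError as exc:  # also covers UnicodeDecodeError
        raise BadRequest("malformed form data") from exc

def main():
    try:
        params = read_post_params(os.environ, sys.stdin.buffer)
    except BadRequest as exc:
        sys.stdout.write("Status: 400 Bad Request\r\n"
                         f"Content-Type: text/plain\r\n\r\n{exc}\n")
        return
    ids = params.get("id", [])  # "id" is a hypothetical parameter name
    sys.stdout.write("Content-Type: text/plain\r\n\r\n")
    sys.stdout.write(f"received {len(ids)} value(s) for id\n")

if __name__ == "__main__":
    main()
```

The values come back as plain strings in a list and are never passed through a shell, so their content is treated only as data.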

[users@httpd] Re: [users@httpd] how to get post data when using shell script as cgi script.

Posted by Keva-Slient <35...@qq.com>.
Thank you very much. In my work, I just need to implement a URL interface. In the beginning, the interface accepted one parameter with only one value in the URL. But now we want to put more than one value into that parameter. As the length of a URL is limited, I'm trying to transport that parameter with multiple values within the HTTP body.

In my simple scenario, using a shell script is acceptable.
Do you know how to get the HTTP request body from a shell script?



Re: [users@httpd] how to get post data when using shell script as cgi script.

Posted by Kurtis Rader <kr...@skepticism.us>.
On Wed, Jan 3, 2018 at 9:22 PM, Ruben Safir <mr...@panix.com> wrote:

> On 01/03/2018 10:21 PM, Keva-Slient wrote:
> > i use set in script printing all environment variables.
> >  there is no variable named "QUERY_STRING_POST"
> >
> > using shell script getting post data is found in  this webpage.
>
> set is a shell script command not an HTTPD command.
>

Yes, the person asking the question knows that. They are using their
shell's set command to display all the variables known to the shell
session, including environment variables. They were expecting to find an
environment variable that contained the data from the HTTP POST request.
They know that it isn't a HTTP(D) command. They are asking how to read the
HTTP POST data stream from a shell script as opposed to a more typical
language like Python or C++.

My advice to the OP is don't use shell scripts (that is, a program written
in sh/bash/ksh/zsh or similar languages that adhere to the POSIX 1003 shell
standard). That can only lead to much wasted time, bugs, and security
holes. Yes, it is technically possible to handle a HTTP POST request using
such a shell. But you shouldn't do it.

-- 
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank

Re: [users@httpd] how to get post data when using shell script as cgi script.

Posted by Ruben Safir <mr...@panix.com>.
On 01/03/2018 10:21 PM, Keva-Slient wrote:
> i use set in script printing all environment variables.
>  there is no variable named "QUERY_STRING_POST"
> 
> 
> using shell script getting post data is found in  this webpage.
> 
> 

set is a shell script command not an HTTPD command.

http://www.cgi101.com/book/ch3/text.html


> http://www.team2053.org/docs/bashcgi/postdata.html
> 
> 
> 
> 
> apache version:
> Server version: Apache/2.4.10 (Debian)
> Server built:   Sep 20 2017 04:37:43
> 
> 
> 
> ------------------
> .........
>  Vanity...My favourite sin.
>      --<<The Devil's Advocate>>
> 


-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] how to get post data when using shell script as cgiscript.

Posted by Keva-Slient <35...@qq.com>.
Thank you very much. I will read this document.



Re: [users@httpd] how to get post data when using shell script as cgi script.

Posted by Ruben Safir <mr...@panix.com>.
On 01/03/2018 10:21 PM, Keva-Slient wrote:
> i use set in script printing all environment variables.
>  there is no variable named "QUERY_STRING_POST"
> 
> 
> using shell script getting post data is found in  this webpage.
> 
> 
> http://www.team2053.org/docs/bashcgi/postdata.html
> 
> 
> 
https://httpd.apache.org/docs/2.2/env.html


> 
> apache version:
> Server version: Apache/2.4.10 (Debian)
> Server built:   Sep 20 2017 04:37:43
> 
> 
> 
> ------------------
> .........
>  Vanity...My favourite sin.
>      --<<The Devil's Advocate>>
> 

