You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/06/24 20:32:33 UTC

[PATCH] PR#644: QUERY_STRING bogosity and mod_include

Wow, so mod_include sets QUERY_STRING in three different places (not to
mention that it's also set in util_script.c).  And in two of the places it
sets QUERY_STRING_UNESCAPED, but while doing that it calls unescape_url
(r->args).  Which of course trashes r->args. 

This patch forces it to get a pstrdup'd value before calling unescape_url. 

But there are still other related bugs.  For example, if you #include
virtual something it will get the QUERY_STRING from the virtual="arg" and
the QUERY_STRING_UNESCAPED from the original url of the .shtml file. 

CGIs don't get QUERY_STRING_UNESCAPED ... I'm wondering why mod_include
does.

And there's also code duplication, like at the top of send_parsed_content
it populates QUERY_STRING and _UNESCAPED, but none of the rest... it could
just call add_include_vars.  If that happens then it shouldn't need to
call it later on when it's building the cgi environ. 

Someone want to look into those other problems?  If not I'll get to it
sometime. 

Dean

Index: mod_include.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_include.c,v
retrieving revision 1.35
diff -c -3 -r1.35 mod_include.c
*** mod_include.c	1997/06/22 03:40:24	1.35
--- mod_include.c	1997/06/24 18:25:14
***************
*** 132,140 ****
      else
          table_set (e, "DOCUMENT_NAME", r->uri);
      if (r->args) {
!         unescape_url (r->args);
  	  table_set (e, "QUERY_STRING_UNESCAPED",
! 		   escape_shell_cmd (r->pool, r->args));
      }
  }
  
--- 132,142 ----
      else
          table_set (e, "DOCUMENT_NAME", r->uri);
      if (r->args) {
! 	char *arg_copy = pstrdup (r->pool, r->args);
! 
!         unescape_url (arg_copy);
  	  table_set (e, "QUERY_STRING_UNESCAPED",
! 		   escape_shell_cmd (r->pool, arg_copy));
      }
  }
  
***************
*** 628,637 ****
      }
  
      if (r->args) {
          table_set (env, "QUERY_STRING", r->args);
! 	unescape_url (r->args);
  	table_set (env, "QUERY_STRING_UNESCAPED",
! 		   escape_shell_cmd (r->pool, r->args));
      }
      
      error_log2stderr (r->server);
--- 630,641 ----
      }
  
      if (r->args) {
+ 	char *arg_copy = pstrdup (r->pool, r->args);
+ 
          table_set (env, "QUERY_STRING", r->args);
! 	unescape_url (arg_copy);
  	table_set (env, "QUERY_STRING_UNESCAPED",
! 		   escape_shell_cmd (r->pool, arg_copy));
      }
      
      error_log2stderr (r->server);
***************
*** 1674,1683 ****
  
      chdir_file (r->filename);
      if (r->args) { /* add QUERY stuff to env cause it ain't yet */
          table_set (r->subprocess_env, "QUERY_STRING", r->args);
!         unescape_url (r->args);
          table_set (r->subprocess_env, "QUERY_STRING_UNESCAPED",
!                 escape_shell_cmd (r->pool, r->args));
      }
  
      while(1) {
--- 1678,1689 ----
  
      chdir_file (r->filename);
      if (r->args) { /* add QUERY stuff to env cause it ain't yet */
+ 	char *arg_copy = pstrdup (r->pool, r->args);
+ 
          table_set (r->subprocess_env, "QUERY_STRING", r->args);
!         unescape_url (arg_copy);
          table_set (r->subprocess_env, "QUERY_STRING_UNESCAPED",
!                 escape_shell_cmd (r->pool, arg_copy));
      }
  
      while(1) {