You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Guenter Knauf <fu...@apache.org> on 2011/07/12 18:36:39 UTC
Re: svn commit: r1145647 - /httpd/httpd/trunk/modules/arch/win32/mod_win32.c
Am 12.07.2011 18:13, schrieb fuankg@apache.org:
> Author: fuankg
> Date: Tue Jul 12 16:13:28 2011
> New Revision: 1145647
>
> URL: http://svn.apache.org/viewvc?rev=1145647&view=rev
> Log:
> Fixed some more env vars which make problems.
>
> This fix is based on BZ 13029 / 34985, and includes
> now the SSL_ and GEOIP_ vars; otherwise its impossible
> to run CGIs when mod_ssl and/or mod_geoip are loaded
> and those mods return UTF-8 chars in any var during a
> request.
>
> Modified:
> httpd/httpd/trunk/modules/arch/win32/mod_win32.c
>
> Modified: httpd/httpd/trunk/modules/arch/win32/mod_win32.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_win32.c?rev=1145647&r1=1145646&r2=1145647&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/arch/win32/mod_win32.c (original)
> +++ httpd/httpd/trunk/modules/arch/win32/mod_win32.c Tue Jul 12 16:13:28 2011
> @@ -528,9 +528,10 @@ static apr_status_t ap_cgi_build_command
> && (strncmp(elts[i].key, "HTTP_", 5) == 0
> || strncmp(elts[i].key, "SERVER_", 7) == 0
> || strncmp(elts[i].key, "REQUEST_", 8) == 0
> - || strcmp(elts[i].key, "QUERY_STRING") == 0
> - || strcmp(elts[i].key, "PATH_INFO") == 0
> - || strcmp(elts[i].key, "PATH_TRANSLATED") == 0)) {
> + || strncmp(elts[i].key, "PATH_", 5) == 0
> + || strncmp(elts[i].key, "SSL_", 4) == 0
> + || strncmp(elts[i].key, "GEOIP_", 6) == 0
> + || strcmp(elts[i].key, "QUERY_STRING") == 0)) {
> prep_string((const char**)&elts[i].val, r->pool);
> }
> }
Just looked again at this, and instead of adding more and more vars to
this list we should probably do the opposite: just check for those where
we know for sure they will never hold UTF-8 chars like REMOTE_,
GATEWAY_INTERFACE, REQUEST_METHOD, SERVER_ADDR, SERVER_PORT,
SERVER_PROTOCOL, and fixup all others; otherwise this issue will pop up
again sooner or later with other 3rd-party mods like I faced now already
with mod_geoip ...
Comments?
Gün.