You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Guenter Knauf <fu...@apache.org> on 2011/07/12 18:36:39 UTC

Re: svn commit: r1145647 - /httpd/httpd/trunk/modules/arch/win32/mod_win32.c

Am 12.07.2011 18:13, schrieb fuankg@apache.org:
> Author: fuankg
> Date: Tue Jul 12 16:13:28 2011
> New Revision: 1145647
>
> URL: http://svn.apache.org/viewvc?rev=1145647&view=rev
> Log:
> Fixed some more env vars which make problems.
>
> This fix is based on BZ 13029 / 34985, and includes
> now the SSL_ and GEOIP_ vars; otherwise its impossible
> to run CGIs when mod_ssl and/or mod_geoip are loaded
> and those mods return UTF-8 chars in any var during a
> request.
>
> Modified:
>      httpd/httpd/trunk/modules/arch/win32/mod_win32.c
>
> Modified: httpd/httpd/trunk/modules/arch/win32/mod_win32.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_win32.c?rev=1145647&r1=1145646&r2=1145647&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/arch/win32/mod_win32.c (original)
> +++ httpd/httpd/trunk/modules/arch/win32/mod_win32.c Tue Jul 12 16:13:28 2011
> @@ -528,9 +528,10 @@ static apr_status_t ap_cgi_build_command
>                   &&  (strncmp(elts[i].key, "HTTP_", 5) == 0
>                    || strncmp(elts[i].key, "SERVER_", 7) == 0
>                    || strncmp(elts[i].key, "REQUEST_", 8) == 0
> -                 || strcmp(elts[i].key, "QUERY_STRING") == 0
> -                 || strcmp(elts[i].key, "PATH_INFO") == 0
> -                 || strcmp(elts[i].key, "PATH_TRANSLATED") == 0)) {
> +                 || strncmp(elts[i].key, "PATH_", 5) == 0
> +                 || strncmp(elts[i].key, "SSL_", 4) == 0
> +                 || strncmp(elts[i].key, "GEOIP_", 6) == 0
> +                 || strcmp(elts[i].key, "QUERY_STRING") == 0)) {
>               prep_string((const char**)&elts[i].val, r->pool);
>           }
>       }
Just looked again at this, and instead of adding more and more vars to 
this list we should probably do the opposite: just check for those where 
we know for sure they will never hold UTF-8 chars like REMOTE_, 
GATEWAY_INTERFACE, REQUEST_METHOD, SERVER_ADDR, SERVER_PORT, 
SERVER_PROTOCOL, and fixup all others; otherwise this issue will pop up 
again sooner or later with other 3rd-party mods like I faced now already 
with mod_geoip ...

Comments?

Gün.