[users@httpd] 回复： [users@httpd] how to get post data when using shell script as cgi script.

[Keva-Slient <35...@qq.com>]

thank you very much. in my work, i just need implementing an url interface.  in the beginning, the interface accept one parameter with only one value in url. but now, we want to put more than one value into that parameter. as the length of url is limited, i'm trying to transport that parameter with multiple values within http body.


in my simple scene, using shell script is acceptable.
do you know how to get http request body from shell script?


------------------
.........
 Vanity...My favourite sin.
     --<<The Devil's Advocate>>


 




------------------ 原始邮件 ------------------
发件人: "Kurtis Rader";<kr...@skepticism.us>;
发送时间: 2018年1月4日(星期四) 中午1:39
收件人: "users"<us...@httpd.apache.org>;

主题: Re: [users@httpd] how to get post data when using shell script as cgi script.



On Wed, Jan 3, 2018 at 9:22 PM, Ruben Safir <mr...@panix.com> wrote:
On 01/03/2018 10:21 PM, Keva-Slient wrote:
 > i use set in script printing all environment variables.
 >  there is no variable named "QUERY_STRING_POST"
 >
 > using shell script getting post data is found in  this webpage.
 
 set is a shell script command not an HTTPD command.



Yes, the person asking the question knows that. They are using their shell's set command to display all the variables known to the shell session, including environment variables. They were expecting to find an environment variable that contained the data from the HTTP POST request. They know that it isn't a HTTP(D) command. They are asking how to read the HTTP POST data stream from a shell script as opposed to a more typical language like Python or C++.


My advice to the OP is don't use shell scripts (that is, a program written in sh/bash/ksh/zsh or similar languages that adhere to the POSIX 1003 shell standard). That can only lead to much wasted time, bugs, and security holes. Yes, it is technically possible to handle a HTTP POST request using such a shell. But you shouldn't do it.


-- 
Kurtis RaderCaretaker of the exceptional canines Junior and Hank

Re: [users@httpd] 回复： [users@httpd] how to get post data when using shell script as cgi script.

[Kurtis Rader <kr...@skepticism.us>]

On Wed, Jan 3, 2018 at 11:14 PM, Keva-Slient <35...@qq.com> wrote:

> thank you very much. in my work, i just need implementing an url
> interface.  in the beginning, the interface accept one parameter with only
> one value in url. but now, we want to put more than one value into that
> parameter. as the length of url is limited, i'm trying to transport that
> parameter with multiple values within http body.
>
> in my simple scene, using shell script is acceptable.
> do you know how to get http request body from shell script?
>

Using a shell script to handle a HTTP request is not acceptable from a
security standpoint. Let alone with respect to implementing a robust
solution that will work correctly when invoked with arbitrary input. Do not
try to write a robust HTTP request handler using a sh/bash/zsh/ksh script.
It cannot be done as a practical matter. Yes, it can be done theoretically
but that isn't realistic in any real world situation.

The HTTP POST data is available on the stdin stream of your shell script.
See
https://www.unix.com/shell-programming-and-scripting/232805-parsing-http-post-request.html
for one of many questions about how to deal with HTTP POST requests in
shell scripts.

I say again: Do not do this! Even if your HTTP POST API is only visible
within your organization (rather than visible publicly on the Internet)
this is a really bad idea. You need to use a language like Python which has
robust handling of HTTP requests when invoked via the CGI protocol.

-- 
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank