You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Jerry Stratton <ns...@hoboes.com> on 1998/03/30 20:12:48 UTC
general/2017: QUERY_STRING parses %xx in SSI
>Number: 2017
>Category: general
>Synopsis: QUERY_STRING parses %xx in SSI
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Mar 30 10:20:01 PST 1998
>Last-Modified:
>Originator: nspace@hoboes.com
>Organization:
apache
>Release: Apache/1.2b11-dev IOCOM/2.0.v PHP/2.0b11 PyApache/2.25
>Environment:
Linux langley.io.com 2.0.32 #1 Tue Dec 9 16:16:54 CST 1997 i686
>Description:
When cgis are called as SSI (exec cgi), or when ENVs are accessed via SSI (echo), QUERY_STRING and QUERY_STRING_UNESCAPED have %xx converted to their respective characters.
As a side note, include virtual loses QUERY_STRING entirely, although it does have QUERY_STRING_UNESCAPED.
>How-To-Repeat:
http://www.hoboes.com/jerry/test.shtml?God=Excitable%20Boy&Bob=John%20Wesley
will show all the ways that SSIs have the % characters parsed
http://www.hoboes.com/cgi-bin/Test.cgi?God=Excitable%20Boy&Bob=John%20Wesley
will show the same cgi directly, with % characters not parsed, which I assume is the way it is supposed to be.
>Fix:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]