You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/10/13 00:45:41 UTC
DO NOT REPLY [Bug 31679] New: -
If the argument of a CGI has two or more consecutive plus signs (+) it gets truncated.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31679>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31679
If the argument of a CGI has two or more consecutive plus signs (+) it gets truncated.
Summary: If the argument of a CGI has two or more consecutive
plus signs (+) it gets truncated.
Product: Apache httpd-2.0
Version: 2.0-HEAD
Platform: PC
URL: http://131.106.1.74/webnative/listdir?C:/raid/this+is+a+
test++04
OS/Version: Windows NT/2K
Status: NEW
Severity: Major
Priority: Other
Component: mod_cgi
AssignedTo: bugs@httpd.apache.org
ReportedBy: erik@xinet.com
I have seen this on Windows on 2.0.52 and 1.3.31. Irix and Solaris versions
work fine. If you click on an URL like:
http://131.106.1.74/webnative/listdir?C:/raid/this+is+a+test++04
(user: erik, passwd: erik in case you want to connect)
(note the two space before 04 encoded as ++),
the listdir.exe cgi program only receives:
C:/raid/this is a test
as a parameter. The " 04" is truncated. In the apache log, the correct entry
is made with the full argument, it only gets truncated when the cgi is called.
--Erik Zapien
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org