You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/10/13 00:45:41 UTC

DO NOT REPLY [Bug 31679] New: - If the argument of a CGI has two or more consecutive plus signs (+) it gets truncated.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31679>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31679

If the argument of a CGI has two or more consecutive plus signs (+) it gets truncated.

           Summary: If the argument of a CGI has two or more consecutive
                    plus signs (+) it gets truncated.
           Product: Apache httpd-2.0
           Version: 2.0-HEAD
          Platform: PC
               URL: http://131.106.1.74/webnative/listdir?C:/raid/this+is+a+
                    test++04
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Major
          Priority: Other
         Component: mod_cgi
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: erik@xinet.com


I have seen this on Windows on 2.0.52 and 1.3.31. Irix and Solaris versions 
work fine. If you click on an URL like:

http://131.106.1.74/webnative/listdir?C:/raid/this+is+a+test++04

(user: erik, passwd: erik in case you want to connect)

(note the two space before 04 encoded as ++),

the listdir.exe cgi program only receives:

C:/raid/this is a test

as a parameter. The "  04" is truncated. In the apache log, the correct entry 
is made with the full argument, it only gets truncated when the cgi is called.

--Erik Zapien

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org