httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 28903] - Hooks to add environment variables to CGI and other scripted content handlers
Date Tue, 11 May 2004 17:31:15 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28903>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28903

Hooks to add environment variables to CGI and other scripted content handlers





------- Additional Comments From jschneid@netilla.com  2004-05-11 17:31 -------
Actually, ap_set_common_vars happens after ap_run_fixups, so anything done in
the fixups phase can be undone in ap_set_common_vars (or ap_set_cgi_vars).  If
you need to modify the variables set in either of these places, you're out of luck.

As for not modifying the HTTP_.* and other CGI variables, there are cases where
it makes sense to modify them (for example, proxied Apache instances, or cases
where network transport is handled by another entity).  If I'm able to change
what's in the SERVER_ADDR and SERVER_PORT fields (for example), I can use a
particular badly-written CGI program that creates its own self-referential URLs
when I move to a proxied scheme (no, fixing the CGI program isn't really an
option - it's a compiled C++ program provided by a third party).

Don't get me wrong, I'm not saying we should abandon any specs here, but I don't
think the mere existance of a specification should prohibit adding tools that
_may_ be used to violate it.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message