httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: QUERY_STRING & #exec cmd bugs
Date Tue, 18 Jul 1995 17:40:00 GMT
>From: rst@edu.mit.ai (Robert S. Thau)
>Date: Mon, 17 Jul 95 12:20:49 EDT

>Hmmm... backslash-octal escaping doesn't work for me in the
>shell-escape context ("cat > /tmp/foo\000bar" gives me a file named
>/tmp/foo000bar; the backslash simply gets elided).  Are there other
>programs which will treat this sort of backslash escape correctly?
>(If not it seems silly to try to use it --- anything which really
>requires %00 to work correctly, it can always just use QUERY_STRING in
>the CGI context, or QUERY_STRING_UNESCAPED for SSI <!--#exec-->s).

Not a reasonable test; you can't have filenames with null characters!
And \xxx escapes aren't valid in shell redirections. (I know not why.)

It works ok in command arguments, which is it is used for a script. e.g.

echo 'foo\000bar' > file

works for me.

I suspect there is little demand for PATH_INFO_(UN)ESCAPED.


 David.

Mime
View raw message