httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Bug?
Date Sun, 28 Jul 1996 21:02:11 GMT
> Ben Laurie wrote:
> > 
> > If I cause a CGI to be run, thus: "http://somewhere/somecgi?%3f", then I would
> > expect argv[1] in the CGI to be "?". Wouldn't you? Anyway, it isn't. It is
> > "\?". I suspect the spurious "security hole" is the culprit. So, do I fix it?
> 
> Stranger still, any string containing an '=' causes argv[1] to be empty! Why?
> 
> Cheers,
> 
> Ben (beginning to wonder about his marbles).

My first concern was call_exec(), but after looking over that and mod_cgi,
I'm relatively certain that the net effect is the same. My tests with
some perl CGI show that it is working as expected. 

Since I generally pull arguments in from QUERY_STRING, I'm not sure
what I would expect argv[1] to be. I'm guessing "?".




Mime
View raw message