> Ben Laurie wrote:
> >
> > If I cause a CGI to be run, thus: "http://somewhere/somecgi?%3f", then I would
> > expect argv[1] in the CGI to be "?". Wouldn't you? Anyway, it isn't. It is
> > "\?". I suspect the spurious "security hole" is the culprit. So, do I fix it?
>
> Stranger still, any string containing an '=' causes argv[1] to be empty! Why?
>
> Cheers,
>
> Ben (beginning to wonder about his marbles).
My first concern was call_exec(), but after looking over that and mod_cgi,
I'm relatively certain that the net effect is the same. My tests with
some perl CGI show that it is working as expected.
Since I generally pull arguments in from QUERY_STRING, I'm not sure
what I would expect argv[1] to be. I'm guessing "?".
|