httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anand Kumria <wildf...@progsoc.uts.edu.au>
Subject PR#339 Was: [STATUS] Sat Apr 19 21:05:18 PDT 1997
Date Sun, 20 Apr 1997 06:54:58 GMT
On Sat, 19 Apr 1997, Dean Gaudet wrote:

>   * suexec has lots of open PRs:
>     PR#269, 319, 395: suexec and SSI problems
>     PR#367, 368, 354: SEGV caused by suexec
>     PR#341: documentation error?  user confusion?
>     PR#339: suexec doesn't work with QUERY_STRINGs
> 

I've been told by the original reporter that if you remove ~ (tilde) from
the set of characters that need escaping, things will work correctly. i.e.

--- util.c      Fri Apr 18 03:20:42 1997
+++ util.c.old  Sun Mar 23 09:51:04 1997
@@ -711,8 +711,7 @@
         }
 #endif

-        /* if(ind("&;`'\"|*?~<>^()[]{}$\\\n",cmd[x]) != -1){ */
-        if(ind("&;`'\"|*?<>^()[]{}$\\\n",cmd[x]) != -1){
+        if(ind("&;`'\"|*?~<>^()[]{}$\\\n",cmd[x]) != -1){
             for(y=l+1;y>x;y--)
                 cmd[y] = cmd[y-1];



Alternatively, suexec need to understand that some of its paramters might
be escaped.

Anand.


Mime
View raw message