httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis J." <denni...@conversis.de>
Subject mod_include clobbering QUERY_STRING
Date Thu, 08 Apr 2010 21:42:20 GMT
Hi,
It looks like there is a problem in the handling of virtual includes with
Apaches SSI filter.

Take the following code:
<html><body>
<!--#echo var="QUERY_STRING"-->
<!--#include virtual="/ssi2.php?abc=1"-->
<!--#echo var="QUERY_STRING"-->
</body></html>

If this is called with the query string "(url)?test=1" then the first echo 
will print "test=1" as expected but the second one will output "abc=1".
Apparently the include in the middle completely obliterates the original 
query string making it unusable for subsequent includes.

That's a major problem as soon as you use more than one SSI include with
QUERY_STRING in your pages.

(I'm seeing this with the httpd from the latest Centos as well as the newer
httpd 2.2.15 from Fedora using the SSI output filter)

If I remove the following code from mod_include's output filter:
...
     if (r->args) {
         char *arg_copy = apr_pstrdup(r->pool, r->args);

         apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
         ap_unescape_url(arg_copy);
         apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
                   ap_escape_shell_cmd(r->pool, arg_copy));
     }
...

The QUERY STRING variable no longer gets changed and the called ssi2.php 
still gets the "abc=1" as query string but I'm sure there is a reason for 
this code to be there.

Does anyone know what is going on here?

(I filed a bug for this:
https://issues.apache.org/bugzilla/show_bug.cgi?id=49043 )

Regards,
   Dennis

Mime
View raw message