www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry Stratton <nsp...@hoboes.com>
Subject general/2017: QUERY_STRING parses %xx in SSI
Date Mon, 30 Mar 1998 18:12:48 GMT

>Number:         2017
>Category:       general
>Synopsis:       QUERY_STRING parses %xx in SSI
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Mar 30 10:20:01 PST 1998
>Last-Modified:
>Originator:     nspace@hoboes.com
>Organization:
apache
>Release:        Apache/1.2b11-dev IOCOM/2.0.v PHP/2.0b11 PyApache/2.25
>Environment:
Linux langley.io.com 2.0.32 #1 Tue Dec 9 16:16:54 CST 1997 i686
>Description:
When cgis are called as SSI (exec cgi), or when ENVs are accessed via SSI (echo), QUERY_STRING
and QUERY_STRING_UNESCAPED have %xx converted to their respective characters.



As a side note, include virtual loses QUERY_STRING entirely, although it does have QUERY_STRING_UNESCAPED.
>How-To-Repeat:
http://www.hoboes.com/jerry/test.shtml?God=Excitable%20Boy&Bob=John%20Wesley

   will show all the ways that SSIs have the % characters parsed

http://www.hoboes.com/cgi-bin/Test.cgi?God=Excitable%20Boy&Bob=John%20Wesley

   will show the same cgi directly, with % characters not parsed, which I assume is the way
it is supposed to be.
>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]




Mime
View raw message