apache - Is there a special case in Apache2 when calling a CGI and the URI includes a single query string parameter without a value? -


today got error , surprised since looked fine...

i have cgi written in c++ accepts uris query string. query string selects page, etc. cgi installed in standard location ubuntu installation:

/usr/lib/cgi-bin/snapmanager.cgi

today finishing adding login screen , once logged in, wanted add logout link. link adds ?logout @ end of uri:

http://www.example.com/cgi-bin/snapmanager.cgi?logout

that failed.

checking error log, got error saying "logout" appeared on command line. rather surprising, if ask me! tried with:

http://www.example.com/cgi-bin/snapmanager.cgi?logout=now

and worked expected. no logout on command line.

i tried:

http://www.example.com/cgi-bin/snapmanager.cgi?logout&host=foo

and worked too. again, no logout on command line.

however, if switch parameters position fails again:

http://www.example.com/cgi-bin/snapmanager.cgi?host=foo&logout

so looks apache2 calls cgi logout query string parameter on command line when 1 query string name defined last.

just in case, tried add dashes @ start of name, , sure enough, appears command line switch in logs!

error:snapmanager.cgi: option --logout not supported.

really scary. huge security risk if know of switch can "tweak things way"...

is documented somewhere?

i found answer in rfc3875 in paragraph 4.4

4.4. script command line

some systems support method supplying array of strings cgi script. used in case of 'indexed' http query, identified 'get' or 'head' request uri query string not contain unencoded "=" characters. such request, server should treat query-string search-string , parse words, using rules

 search-string = search-word *( "+" search-word )  search-word   = 1*schar  schar         = unreserved | escaped | xreserved  xreserved     = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "," |                  "$"

after parsing, each search-word url-decoded, optionally encoded in system-defined manner , added command line argument list.

if server cannot create part of argument list, server must not generate command line information. example, number of arguments may greater operating system or server limits, or 1 of words may not representable argument.

the script should check see if query_string value contains unencoded "=" character, , should not use command line arguments if does.

emphasis mine


Comments

Post a Comment

Popular posts from this blog

php - How to add and update images or image url in Volusion using Volusion API -

actually have store importing products store product data insert , update image or image url not insert , update. this xml code name datapro.txt. <products_joined> <productcode>3710_012t</productcode> <vendor_partno>eah5450silent/di/1gd3(lp)</vendor_partno> <productname>test product ta</productname> <hideproduct>n</hideproduct> <stockstatus>20</stockstatus> <lastmodified>1/5/2016 10:25:00 am</lastmodified> <lastmodby>2</lastmodby> <productweight>0.9</productweight> <productprice>100</productprice> <productmanufacturer>asus tek</productmanufacturer> <vendor_price>32.69</vendor_price> <numproductssharingstock>0</numproductssharingstock> <categoryids>107</categoryids> <producturl>http://tebkq.mvlce.servertrust.com/productdetails.asp?productcode=3710_012t</producturl>
Read more

javascript - IE9 error '$'is not defined -

Image
<!--[if lte ie 9]><html class="lte9"><![endif]--><!--[if gt ie 9]><html><![endif]--> <!--[if !ie]><!--> <html> <!--<![endif]--> blah blah <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.1/jquery.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> <script src="{{ asset('js/mypage.js') }}" type="text/javascript"></script> </body> </html> when load page, ie9 brings error '$' not defined . how can solve error? +++ mypage.js $(function(){ //when load page, //ie9 tag not moving. $(window).load(function() { $('div.mask').hide(); }); // when click , willshow show. //for not ie 9 if (!$('html').hasclass('lte9')) { var = $('ul.about > li > span.activebtn');
Read more