Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | The REQUEST_URI CGI parameter should not include the QUERY_STRING. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
5bb921dd0893a5486ff8c5de74cb986a |
User & Date: | drh 2022-02-11 21:25:21 |
References
2022-02-13
| ||
19:16 | Back out check-in [5bb921dd0893a548] which was wrong - the REQUEST_URI CGI parameter should include the query string. Improve the CGI variable documentation in comments. Improve robustness to malformed CGI variables. ... (check-in: e514eeea user: drh tags: trunk) | |
01:35 |
Cherry-pick from branch 'cgi-compliance' (and thus back out [5bb921dd0893a548]).
Adapt the computation of g.zUrlSuffix in set_base_url() accordingly.
...
(check-in: 5c649c7e user: george tags: base-href-fix)
| |
00:26 | Back out [5bb921dd0893a548]. It turns out that REQUEST_URI should have the query string appended. Make other changes to cgi.c to bring it into "compliance". "Compliance" is in quotes because rfc3875 does not define REQUEST_URI. That variable is really just by conveniention. But Apache and Nginx both append the query string, so we should too. ... (check-in: fd1c9b09 user: drh tags: cgi-compliance) | |
Context
2022-02-12
| ||
00:38 | Robot defense uses a mousedown event rather than mouse motion as one of the signals that the request is from a human. This should make robot defense work better for users on mobile. ... (check-in: 8d4e1143 user: drh tags: trunk) | |
2022-02-11
| ||
21:25 | The REQUEST_URI CGI parameter should not include the QUERY_STRING. ... (check-in: 5bb921dd user: drh tags: trunk) | |
16:00 | Improvements to the /admin_sql page. ... (check-in: 6325f81d user: drh tags: trunk) | |
Changes
Changes to src/cgi.c.
︙ | ︙ | |||
1864 1865 1866 1867 1868 1869 1870 | } cgi_setenv("GATEWAY_INTERFACE","CGI/1.0"); cgi_setenv("REQUEST_METHOD",zToken); zToken = extract_token(z, &z); if( zToken==0 ){ malformed_request("malformed URL in HTTP header"); } | < > | 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 | } cgi_setenv("GATEWAY_INTERFACE","CGI/1.0"); cgi_setenv("REQUEST_METHOD",zToken); zToken = extract_token(z, &z); if( zToken==0 ){ malformed_request("malformed URL in HTTP header"); } cgi_setenv("SCRIPT_NAME", ""); for(i=0; zToken[i] && zToken[i]!='?'; i++){} if( zToken[i] ) zToken[i++] = 0; cgi_setenv("REQUEST_URI", zToken); cgi_setenv("PATH_INFO", zToken); cgi_setenv("QUERY_STRING", &zToken[i]); if( zIpAddr==0 ){ zIpAddr = cgi_remote_ip(fileno(g.httpIn)); } if( zIpAddr ){ cgi_setenv("REMOTE_ADDR", zIpAddr); |
︙ | ︙ |