Overview
Comment: | Improved robustness in CGI variable parsing. |
---|---|
SHA3-256: | b8973500074aafd8b21cc13e2937f09a |
User & Date: | drh 2022-02-13 19:14:38 |
Context
2022-02-13
19:16 | Back out check-in [5bb921dd0893a548] which was wrong - the REQUEST_URI CGI parameter should include the query string. Improve the CGI variable documentation in comments. Improve robustness to malformed CGI variables. ... (check-in: e514eeea user: drh tags: trunk) | |
19:14 | Improved robustness in CGI variable parsing. ... (Closed-Leaf check-in: b8973500 user: drh tags: cgi-compliance) | |
00:26 | Back out [5bb921dd0893a548]. It turns out that REQUEST_URI should have the query string appended. Make other changes to cgi.c to bring it into "compliance". "Compliance" is in quotes because rfc3875 does not define REQUEST_URI. That variable is really just by convention. But Apache and Nginx both append the query string, so we should too. ... (check-in: fd1c9b09 user: drh tags: cgi-compliance) | |
Changes
Changes to src/cgi.c.
︙ | ︙ | |||
1194 1195 1196 1197 1198 1199 1200 | ** of REQUEST_URI. ** ** SCGI typically omits PATH_INFO. CGI sometimes omits REQUEST_URI and ** PATH_INFO when it is empty. ** ** CGI Parameter quick reference: ** | | | | | | | | | > > | 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 | ** of REQUEST_URI. ** ** SCGI typically omits PATH_INFO. CGI sometimes omits REQUEST_URI and ** PATH_INFO when it is empty. ** ** CGI Parameter quick reference: ** ** REQUEST_URI ** _____________|________________ ** / \ ** https://fossil-scm.org/forum/info/12736b30c072551a?t=c ** \___/ \____________/\____/\____________________/ \_/ ** | | | | | ** | HTTP_HOST | PATH_INFO QUERY_STRING ** | | ** REQUEST_SCHEMA SCRIPT_NAME ** */ void cgi_init(void){ char *z; const char *zType; char *zSemi; int len; const char *zRequestUri = cgi_parameter("REQUEST_URI",0); |
︙ | ︙ | |||
1224 1225 1226 1227 1228 1229 1230 | #endif g.isHTTP = 1; cgi_destination(CGI_BODY); /* We must have SCRIPT_NAME. If the web server did not supply it, try ** to compute it from REQUEST_URI and PATH_INFO. */ if( zScriptName==0 ){ | < | | < < < < < < | | | 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 | #endif g.isHTTP = 1; cgi_destination(CGI_BODY); /* We must have SCRIPT_NAME. If the web server did not supply it, try ** to compute it from REQUEST_URI and PATH_INFO. */ if( zScriptName==0 ){ if( zRequestUri==0 || zPathInfo==0 ){ malformed_request("missing SCRIPT_NAME"); /* Does not return */ } z = strstr(zRequestUri,zPathInfo); if( z==0 ){ malformed_request("PATH_INFO not found in REQUEST_URI"); } zScriptName = fossil_strndup(zRequestUri,(int)(z-zRequestUri)); cgi_set_parameter("SCRIPT_NAME", zScriptName); } #ifdef _WIN32 /* The Microsoft IIS web server does not define REQUEST_URI, instead it uses ** PATH_INFO for virtually the same purpose. Define REQUEST_URI the same as ** PATH_INFO and redefine PATH_INFO with SCRIPT_NAME removed from the |
︙ | ︙ |
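Review bot: In the first hunk of src/cgi.c (the quick-reference diagram added above cgi_init()), the scheme component is labelled REQUEST_SCHEMA, whereas Apache and the stock nginx fastcgi_params file call that variable REQUEST_SCHEME. The lookup for it is not visible in this hunk, so please confirm the label matches the parameter name the code actually reads, or add a line to the comment saying which spelling is accepted. Since the diagram is the only documentation of how the pieces relate, it would also help to say in words that REQUEST_URI includes the query string, because that is what this branch changes.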
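Review bot: In the second hunk of src/cgi.c (the SCRIPT_NAME fallback in cgi_init()), `z = strstr(zRequestUri,zPathInfo);` takes the first occurrence of PATH_INFO anywhere in REQUEST_URI, which is not necessarily the right split point. REQUEST_URI now carries the query string, so the match can land inside the query or on an earlier repeated path segment. An empty PATH_INFO also matches at offset 0 and produces an empty SCRIPT_NAME instead of an error. If the server passes REQUEST_URI percent-encoded and PATH_INFO decoded, the comparison can fail on a legitimate request. Consider cutting REQUEST_URI at the first '?' and then requiring PATH_INFO to be a suffix of the remaining path, with an explicit case for a zero-length PATH_INFO. Also, the second malformed_request() call lacks the "Does not return" comment that the first one carries, and the fossil_strndup() length is only safe under that assumption.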