
Bug#296590: apache2: cgi SCRIPT_PATH broken



package: apache2
severity: important

When a request to a CGI script contains double slashes in the trailing URI
component after the script name, the CGI environment variable is not set
correctly. Tried on a (woody) Apache 1.3 installation too; it works fine
there.
This severely affects automated URL creation from within CGI scripts.

Create an executable script in an apache2 cgi-bin directory with this
content, e.g. as 'scriptname':

------
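#!/bin/sh
# Print the two CGI variables under test as plain text.

echo 'Content-Type: text/plain'
echo
# Quote the expansions: both values come from the request URL, and an
# unquoted expansion is subject to word splitting and glob expansion.
echo 'script_name: ' "$SCRIPT_NAME"
echo 'path_info: ' "$PATH_INFO"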
------

Browse to the http://servername/cgi-bin/scriptname/abc/def/g URL, output
is as expected:

------
script_name:  /cgi-bin/scriptname
path_info:  /abc/def/g
------

Now browse to http://servername/cgi-bin/scriptname/abc/def//g and the
abc/def component is wrongly added to SCRIPT_PATH:

------
script_name:  /cgi-bin/scriptname/abc/def
path_info:  /abc/def/g
------

PATH_INFO is right in both cases.


Regards,

Filip

-- 
"I feel like Microsoft is mostly unaware that their products are used in
 the real world."
	-- Jason Coombs on Microsoft product security
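
For scripts that build self-referential URLs, one possible workaround for the behaviour reported above, as an added example that is not part of the original report or of Apache: it recomputes the script path by stripping PATH_INFO from the slash-collapsed request path. The helper names `collapse_slashes` and `script_base` are hypothetical, and the code assumes the server also exports `REQUEST_URI` (not mentioned in the report) holding the raw request path and optional query string.

```shell
#!/bin/sh
# Added example: derive the script's URL path without trusting SCRIPT_NAME
# when the request carried repeated slashes after the script name.

# Collapse every run of slashes in $1 to a single slash.
collapse_slashes() {
    p=$1
    while case $p in *//*) true ;; *) false ;; esac; do
        p=${p%%//*}/${p#*//}
    done
    printf '%s' "$p"
}

# script_base SCRIPT_NAME PATH_INFO REQUEST_URI
# Assumption: REQUEST_URI is the raw request path plus optional "?query".
script_base() {
    name=$1
    info=$2
    uri=$3
    # No trailing path component: SCRIPT_NAME cannot be affected.
    if [ -z "$info" ]; then
        printf '%s\n' "$name"
        return 0
    fi
    path=$(collapse_slashes "${uri%%[?]*}")   # drop the query, then normalise
    info=$(collapse_slashes "$info")
    base=${path%"$info"}                      # quoted pattern: literal suffix
    if [ -n "$base" ] && [ "$base" != "$path" ]; then
        printf '%s\n' "$base"
    else
        # Suffix did not match (for example a percent-encoded path):
        # fall back to the value the server supplied.
        printf '%s\n' "$name"
    fi
}

# Constructed inputs that reuse the values shown in the report.
script_base /cgi-bin/scriptname/abc/def /abc/def/g /cgi-bin/scriptname/abc/def//g
```

In a real CGI script the call would be `script_base "$SCRIPT_NAME" "$PATH_INFO" "$REQUEST_URI"`.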


