Bug#296590: apache2: cgi SCRIPT_PATH broken
When a request to a cgi script contains double slashes in the trailing URI
component after the script name, the cgi environment variable is not set
correctly. Tried on a (woody) apache 1.3 installation too, it works fine
This severely affects automated URL creation from within cgi scripts.
Create an executable script in an apache2 cgi-bin directory with this
content, e.g. as 'scriptname':
echo 'Content-Type: text/plain'
echo 'script_name: ' $SCRIPT_NAME
echo 'path_info: ' $PATH_INFO
Browse to the http://servername/cgi-bin/scriptname/abc/def/g URL, output
is as expected:
Now browse to http://servername/cgi-bin/scriptname/abc/def//g and the
abc/def component is wrongly added to SCRIPT_PATH:
PATH_INFO is right in both cases.
"I feel like Microsoft is mostly unaware that their products are used in
the real world."
-- Jason Coombs on Microsoft product security