Bug#296590: marked as done (apache2: cgi SCRIPT_PATH broken)

To: Stefan Fritsch <sf@sfritsch.de>
Subject: Bug#296590: marked as done (apache2: cgi SCRIPT_PATH broken)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 04 Jul 2007 23:12:02 +0000
Message-id: <[🔎] handler.296590.D296590.11835906825236.ackdone@bugs.debian.org>
References: <200707050111.20354.sf@sfritsch.de> <20050223131101.GA8868@slider2.rack66.net>

Your message dated Thu, 5 Jul 2007 01:11:15 +0200
with message-id <200707050111.20354.sf@sfritsch.de>
and subject line #296590 apache2: cgi SCRIPT_PATH broken
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: submit@bugs.debian.org
Subject: apache2: cgi SCRIPT_PATH broken
From: Filip Van Raemdonck <mechanix@debian.org>
Date: Wed, 23 Feb 2005 14:11:01 +0100
Message-id: <20050223131101.GA8868@slider2.rack66.net>

package: apache2
severity: important

When a request to a cgi script contains double slashes in the trailing URI
component after the script name, the cgi environment variable is not set
correctly. Tried on a (woody) apache 1.3 installation too, it works fine
there.
This severely affects automated URL creation from within cgi scripts.

Create an executable script in an apache2 cgi-bin directory with this
content, e.g. as 'scriptname':

------
#!/bin/sh

echo 'Content-Type: text/plain'
echo
echo 'script_name: ' $SCRIPT_NAME
echo 'path_info: ' $PATH_INFO
------

Browse to the http://servername/cgi-bin/scriptname/abc/def/g URL, output
is as expected:

------
script_name:  /cgi-bin/scriptname
path_info:  /abc/def/g
------

Now browse to http://servername/cgi-bin/scriptname/abc/def//g and the
abc/def component is wrongly added to SCRIPT_PATH:

------
script_name:  /cgi-bin/scriptname/abc/def
path_info:  /abc/def/g
------

PATH_INFO is right in both cases.


Regards,

Filip

-- 
"I feel like Microsoft is mostly unaware that their products are used in
 the real world."
	-- Jason Coombs on Microsoft product security

--- End Message ---

--- Begin Message ---

To: 296590-done@bugs.debian.org, 296590-submitter@bugs.debian.org

Subject: #296590 apache2: cgi SCRIPT_PATH broken

From: Stefan Fritsch <sf@sfritsch.de>

Date: Thu, 5 Jul 2007 01:11:15 +0200

Message-id: <200707050111.20354.sf@sfritsch.de>
Version: 2.2.3-1

I can't reproduce this with 2.2.4. I will assume it was fixed with 
2.2.x and close the bug.
Attachment: signature.asc
Description: This is a digitally signed message part.

--- End Message ---

Reply to:

Prev by Date: Processed: tagging 387565
Next by Date: Bug#395823: workaround for 395823
Previous by thread: Processed: tagging 387565
Next by thread: Bug#395823: workaround for 395823
Index(es):
- Date
- Thread