Using ssi include directive overwrites QUERY_STRING variable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
It looks like there is a serious bug in the handling of virtual includes with Apaches SSI filter.

Take the following code:
<html><body>
<!--#echo var="QUERY_STRING"-->
<!--#include virtual="/ssi2.php?abc=1"-->
<!--#echo var="QUERY_STRING"-->
</body></html>

If this is called with the query string "(url)?test=1" then the first echo will print "test=1" as expected but the second one will output "abc=1". Apparently the include in the middle completely obliterates the original query string making it unusable for subsequent includes.

That's a major problem as soon as you use more than one SSI include with
QUERY_STRING in your pages.

According to the docs for "exec" the "CGI script is given the PATH_INFO and query string (QUERY_STRING) of the original request from the client" and "The include virtual element should be used in preference to exec cgi. In particular, if you need to pass additional arguments to a CGI program, using the query string, this cannot be done with exec cgi, but can be done with include virtual, as shown here".
So I would expect the QUERY_STRING not to change when making virtual includes.

If I remove the following code from mod_include's output filter:
...
    if (r->args) {
        char *arg_copy = apr_pstrdup(r->pool, r->args);

        apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
        ap_unescape_url(arg_copy);
        apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
                  ap_escape_shell_cmd(r->pool, arg_copy));
    }
...

The QUERY STRING variable no longer gets changed and the called ssi2.php still gets the "abc=1" as query string but I'm sure there is a reason for this code to be there.

Regards,
  Dennis

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux