httpd translates %xx and generates a false QUERY_STRING for cgi scripts.
Dirk Clemens
develop at cle-mens.de
Sat Sep 3 08:31:03 UTC 2005
Rob Landley wrote:
>On Friday 02 September 2005 11:58, Dirk Clemens wrote:
>
>
>>Dirk Clemens wrote:
>>
>>
>>>The httpd translates %xx sequences in the query string into the
>>>ascii representation. But this is bad, because a cgi programm must
>>>distinguish between '&' and '%26' and other chars with special meanings.
>>>
>>>
>>And here is the patch.
>>
>>
>
>Looks sane, but I don't use this code.
>
>I could I get a second opinion from somebody who's played with this before I
>apply it?
>
>
I understand your caution against a newbie and have no problems with this.
Dirk
More information about the busybox
mailing list