>Number: 644 >Category: mod_include >Synopsis: SSI: QUERY_STRING >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sat May 31 05:20:01 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2b10 >Environment: linux 2.0.27 >Description: hello,
Suggest you write a SSI page like: <form method=get action="/test.shtml"> <input type=text name=test1> <input type=text name=test2> <input type=submit name=submit value=submit> </form> <!--#include virtual="/cgi-global/printenv?$QUERY_STRING" --> <!--#include virtual="/cgi-local/give.me.the.input?$QUERY_STRING" --> and you enter an '&' in one of the textfields e.g.: AT & T you'll get: QUERY_STRING_UNESCAPED = test1=AT+\&+T\&test2=\&submit=submit QUERY_STRING = test1=AT+&+T&test2=&submit=submit you see that splitting at '&' in 'give.me.the.input' leads to faliures. Is there a chance to get the original Querystring sent from the Browser, or am i just too stupid ? ( ESCAPED with % ) thank you in advance paul >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted:
