>Number: 1616 >Category: general >Synopsis: Server can not strip $ and ? in the same URL >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Jan 2 12:50:01 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.3 >Environment: Linux 2.0.30 24Mb RAM HDD 600 MB >Description: When submitting a CGI script to the server with the following $ and ? in the same URL, Apache will not or forget to strip and pass to the Query String (GET METHOD) everything after the $. >How-To-Repeat: http://www.xxx.com/cgi-bin/getString.sh$var1?1,5
Everything after the ? are coordinates of an image map. >Fix: Have Apache strip everything after $ if it is first there. Whatever is after the *.sh (either the $ or ? separator) strip and pass it the the CGI. WebSTAR 2.0 for Macintosh will actually do that. Thank you Richard Bigot [EMAIL PROTECTED] >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
