>Number: 3330 >Category: mod_cgi >Synopsis: wrong environment variables passed to cgi programs. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Nov 2 00:20:00 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.3 + mod_perl 1.16 + ... >Environment: SunOS palo-alto 5.6 Generic i86pc i386 compiled with gcc. >Description: I noticed that environment variables that do not correspond to the request are passed to cgi programs. esp. HTTP_REFERER and HTTP_FROM.
My interpretation is the following: HTTP fields that are not set in the request do not override previous settings in the environment (HTTP_* variables). Hence the CGI get wrong values that correspond to previous requests to the server. I noticed this problem with mod_perl, so maybe the problem only appears because of mod_perl. >How-To-Repeat: Invoque a printenv cgi program and look at its output. >Fix: Don't forget to reset environment variables. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
