>Number: 5758
>Category: mod_cgi
>Synopsis: QUERY_STRING-UNESCAPED returns many characters prefixed with a
>\ (backslash)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Feb 14 15:30:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Release: 1.3.11
>Organization:
apache
>Environment:
UNIX and Windows/98
>Description:
A URI with a query string of [abc] is urlencoded as
uri?%5Babc%5D
The QUERY_STRING_UNESCAPED variable is set to \[abc\]
I cannot find any documentation about QUERY_STRING_UNESCAPED
and would have expected QUERY_STRING_UNESCAPED to be set to [abc].
Not all urlencoded characters will be preceeded by a \. "=+" are
unescaped without the \ (ie 3D%2B becomes "=+") but urlencoded {} (%7B%7D)
is held in QUERY_STRING_UNESCAPED as \{\}.
>How-To-Repeat:
Use http://www.hcidata.co.uk/testenvi.htm
This will submit a form (method=GET) with many non-alphanumeric characters.
The next html page uses SSIs to echo various environmental variables such as
QUERY_STRING_UNESCAPED
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
