https://issues.apache.org/bugzilla/show_bug.cgi?id=57580
Yann Ylavic <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |INVALID --- Comment #3 from Yann Ylavic <[email protected]> --- (In reply to D. Stussy from comment #2) > Maybe so, but regardless of the fix in BASH, the Apache HTTPD server should > still not be passing the value to a(ny) command interpreter - and THAT is a > bug in this software. Which value shouldn't be passed, any? Apache HTTPd is not responsible for the interpreter to mis-interpret the value (a plain text). There are third party modules (mod_security, mod_untaint, ...) that will filter/block/act on values that shouldn't be passed to CGIs, but that's not considered a core httpd feature. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
