Attached is a patch that impliments a new directive in mod_include.c, #parseqs, which parses the name=value pairs on the query string and places the results in the subprocess environment table, allowing you to do highly neat things with SSI scripts. I found this feature to be quite useful.
Caveats: 1. A potential security problem is that a malicious person may be able to use it to override important environment variables on a page where he knows #parseqs is in use. We might want to disallow all-CAPS variables from being modified in this fashion.
2. There is no support for query string variables with multiple values.
In general this is really a desired feature. Thanks! There are some issues, anyway ;-)
- one should recognize ; as delimiter as well (ok, trivial)
- to circumvent the security flaw, I'd suggest to extend the #set handler instead, for example: <!--#set var="foo" query="param_name" -->, which would be really safe. I'm not sure, whether the query parameter should be expanded. Opinions?
- The second one could be solved with things like
<!#--set var="foo" query="param_name[i]" -->, where i starts with 0 or 1 (?).
- what about unescaping the values?
There's still another point. I'd add this to the 2.1 branch only, because (a) we're going forward *there*, (b) mod_include was redesigned to give a way better interface and (c) we should not play with our (not really, but ...) stable branch.
Please attach patches as text/plain.Please go easy on me. :) I haven't submitted anything to Apache before, but I found this hack to be quite useful. I look forward to your comments.
Thanks, nd
