ASF Bugzilla – Attachment 35293 Details for
Bug 61489
Disable creation of command line parameters from GET parameters in the URL for CGIServlet
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Make evaluation of enableCmdLineArguments in outer if.
CGIServlet.java.CmdLineArguments.patch (text/plain), 1.64 KB, created by
jm009
on 2017-09-05 09:14:15 UTC
(
hide
)
Description:
Make evaluation of enableCmdLineArguments in outer if.
Filename:
MIME Type:
Creator:
jm009
Created:
2017-09-05 09:14:15 UTC
Size:
1.64 KB
patch
obsolete
>Index: java/org/apache/catalina/servlets/CGIServlet.java >=================================================================== >--- java/org/apache/catalina/servlets/CGIServlet.java (revision 1807314) >+++ java/org/apache/catalina/servlets/CGIServlet.java (working copy) >@@ -282,6 +282,12 @@ > /** the shell environment variables to be passed to the CGI script */ > private final Hashtable<String,String> shellEnv = new Hashtable<>(); > >+ /** enable creation of script command line arguments from query-string. >+ * See https://tools.ietf.org/html/rfc3875#section-4.4 >+ * 4.4. The Script Command Line >+ */ >+ private boolean enableCmdLineArguments = false; >+ > /** > * Sets instance variables. > * <P> >@@ -341,6 +347,9 @@ > envHttpHeadersPattern = > Pattern.compile(getServletConfig().getInitParameter("envHttpHeaders")); > } >+ >+ enableCmdLineArguments = >+ Boolean.parseBoolean(config.getInitParameter("enableCmdLineArguments")); > } > > >@@ -670,9 +679,8 @@ > // does not contain an unencoded "=" this is an indexed query. > // The parsed query string becomes the command line parameters > // for the cgi command. >- if (req.getMethod().equals("GET") >- || req.getMethod().equals("POST") >- || req.getMethod().equals("HEAD")) { >+ if (enableCmdLineArguments && (req.getMethod().equals("GET") >+ || req.getMethod().equals("POST") || req.getMethod().equals("HEAD"))) { > String qs; > if (isIncluded) { > qs = (String) req.getAttribute(
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=35293">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 61489
:
35290
| 35293