Bug 41008 - POST request ignores command line parameters
POST request ignores command line parameters
Status: RESOLVED FIXED
Product: Tomcat 5
Classification: Unclassified
Component: Servlets:CGI
5.5.20
PC Windows Server 2003
: P5 normal (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2006-11-21 09:20 UTC by Thomas Wiesel
Modified: 2006-11-24 15:59 UTC (History)
0 users



Attachments
Patch to include POST query method when determining if the query string should be converted to CGI command line params (2.17 KB, patch)
2006-11-22 22:10 UTC, Chris Halstead
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Wiesel 2006-11-21 09:20:32 UTC
example:
<form method="POST" action="test.exe?test1"><input type="hidden"
value="test2"><input type="submit"></form>

this code does invoke the test.exe without passing the test1 command line parameter

the example works in apache httpd and ms iis

fix:

CGIServlet.java

           if (!"GET".equals(req.getMethod()) && !"POST".equals(req.getMethod()) &&
                    !"HEAD".equals(req.getMethod()))
                return;
Comment 1 Chris Halstead 2006-11-22 22:10:00 UTC
Created attachment 19164 [details]
Patch to include POST query method when determining if the query string should be converted to CGI command line params

Attached patch updates CGIServlet so that POSTs will be included when
determining whether the query string should be converted to CGI command line
arguments.  It also cleans up the logic a bit.	This behavior mirrors the
behavior of the Apache httpd.
Comment 2 Thomas Wiesel 2006-11-24 01:19:36 UTC
(In reply to comment #1)
> Created an attachment (id=19164) [edit]
> Patch to include POST query method when determining if the query string should
> be converted to CGI command line params
> 
> Attached patch updates CGIServlet so that POSTs will be included when
> determining whether the query string should be converted to CGI command line
> arguments.  It also cleans up the logic a bit.	This behavior mirrors the
> behavior of the Apache httpd.

Patch works fine, thank you!
Comment 3 Mark Thomas 2006-11-24 15:59:02 UTC
Thanks for the patch. It has been applied to SVN and will be in 5.5.21 and 6.0.3
onwards.