PR#644: mod_include trampled on r->args when it shouldn't

author dgaudet <dgaudet@unknown>

Sat, 28 Jun 1997 22:01:42 +0000 (22:01 +0000)

committer dgaudet <dgaudet@unknown>

Sat, 28 Jun 1997 22:01:42 +0000 (22:01 +0000)
author dgaudet <dgaudet@unknown>
Sat, 28 Jun 1997 22:01:42 +0000 (22:01 +0000)
committer dgaudet <dgaudet@unknown>
Sat, 28 Jun 1997 22:01:42 +0000 (22:01 +0000)
diff --git a/APACHE_1_2_X/src/CHANGES b/APACHE_1_2_X/src/CHANGES

index b88577e7acc5ebdfc9355425709d10ac95130a61..5888a201ae5302fa556997ef9ae200e85ab50ae2 100644 (file)
--- a/APACHE_1_2_X/src/CHANGES
+++ b/APACHE_1_2_X/src/CHANGES
@@ -20,6 +20,9 @@ Changes with Apache 1.2.1
       for the net if we require people that actually need this data to
       enable it.  [Linus Torvalds]
  
+  *) QUERY_STRING was unescaped in mod_include, it shouldn't be.
+     [Dean Gaudet] PR#644
+
    *) mod_include was not properly changing the current directory.
       [Marc Slemko] PR#742
  
diff --git a/APACHE_1_2_X/src/modules/standard/mod_include.c b/APACHE_1_2_X/src/modules/standard/mod_include.c

index d38694cd30a30d43a111caa724c1d1e8cae2fdfb..2c2d2ad57e08a75862d4af58ab92abef0762ea2d 100644 (file)
--- a/APACHE_1_2_X/src/modules/standard/mod_include.c
+++ b/APACHE_1_2_X/src/modules/standard/mod_include.c
@@ -128,9 +128,11 @@ void add_include_vars(request_rec *r, char *timefmt)
      else
          table_set (e, "DOCUMENT_NAME", r->uri);
      if (r->args) {
-        unescape_url (r->args);
+       char *arg_copy = pstrdup (r->pool, r->args);
+
+        unescape_url (arg_copy);
           table_set (e, "QUERY_STRING_UNESCAPED",
-                  escape_shell_cmd (r->pool, r->args));
+                  escape_shell_cmd (r->pool, arg_copy));
      }
  }
  
@@ -625,10 +627,12 @@ void include_cmd_child (void *arg)
      }
  
      if (r->args) {
+       char *arg_copy = pstrdup (r->pool, r->args);
+
          table_set (env, "QUERY_STRING", r->args);
-       unescape_url (r->args);
+       unescape_url (arg_copy);
         table_set (env, "QUERY_STRING_UNESCAPED",
-                  escape_shell_cmd (r->pool, r->args));
+                  escape_shell_cmd (r->pool, arg_copy));
      }
      
      error_log2stderr (r->server);
@@ -1666,10 +1670,12 @@ void send_parsed_content(FILE *f, request_rec *r)
  
      chdir_file (r->filename);
      if (r->args) { /* add QUERY stuff to env cause it ain't yet */
+       char *arg_copy = pstrdup (r->pool, r->args);
+
          table_set (r->subprocess_env, "QUERY_STRING", r->args);
-        unescape_url (r->args);
+        unescape_url (arg_copy);
          table_set (r->subprocess_env, "QUERY_STRING_UNESCAPED",
-                escape_shell_cmd (r->pool, r->args));
+                escape_shell_cmd (r->pool, arg_copy));
      }
  
      while(1) {
author	dgaudet <dgaudet@unknown>
	Sat, 28 Jun 1997 22:01:42 +0000 (22:01 +0000)
committer	dgaudet <dgaudet@unknown>
	Sat, 28 Jun 1997 22:01:42 +0000 (22:01 +0000)
APACHE_1_2_X/src/CHANGES		patch \| blob \| blame \| history
APACHE_1_2_X/src/modules/standard/mod_include.c		patch \| blob \| blame \| history