package: apache2
severity: important

When a request to a cgi script contains double slashes in the trailing URI
component after the script name, the cgi environment variable is not set
correctly. Tried on a (woody) apache 1.3 installation too; it works fine
there.
This severely affects automated URL creation from within cgi scripts.

Create an executable script in an apache2 cgi-bin directory with this
content, e.g. as 'scriptname':

------
#!/bin/sh

echo 'Content-Type: text/plain'
echo
echo 'script_name: ' "$SCRIPT_NAME"
echo 'path_info: ' "$PATH_INFO"
------

Browse to the http://servername/cgi-bin/scriptname/abc/def/g URL, output
is as expected:

------
script_name:  /cgi-bin/scriptname
path_info:  /abc/def/g
------

Now browse to http://servername/cgi-bin/scriptname/abc/def//g and the
abc/def component is wrongly added to SCRIPT_PATH:

------
script_name:  /cgi-bin/scriptname/abc/def
path_info:  /abc/def/g
------

PATH_INFO is right in both cases.


Regards,

Filip

-- 
"I feel like Microsoft is mostly unaware that their products are used in
 the real world."
        -- Jason Coombs on Microsoft product security
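
Added example, not part of the original report: a heuristic a CGI script could apply before building self-referencing URLs, removing from SCRIPT_NAME any trailing segments that repeat the start of PATH_INFO, which is the symptom shown in the report. The function names are hypothetical, and a script whose real path happens to end with the segments PATH_INFO begins with would be trimmed as well.

```shell
#!/bin/sh
# Added example (not from the original report); function names are hypothetical.

# strip_pathinfo_overlap SCRIPT_NAME PATH_INFO
# Prints SCRIPT_NAME with the longest trailing run of segments removed that
# duplicates the leading segments of PATH_INFO. Prints it unchanged if there
# is no such overlap or if stripping would leave nothing.
strip_pathinfo_overlap() {
    script=$1
    prefix=$2
    # Walk the segment-aligned prefixes of PATH_INFO, longest first:
    # /abc/def/g -> /abc/def -> /abc -> (empty, loop ends)
    while [ -n "$prefix" ]; do
        case $script in
            *"$prefix")
                rest=${script%"$prefix"}
                if [ -n "$rest" ]; then
                    printf '%s\n' "$rest"
                    return 0
                fi
                ;;
        esac
        prefix=${prefix%/*}   # drop the last segment
    done
    printf '%s\n' "$script"
}

# script_name_is_suspect SCRIPT_NAME PATH_INFO
# Succeeds (exit 0) when SCRIPT_NAME shows the overlap described in the report.
script_name_is_suspect() {
    [ "$(strip_pathinfo_overlap "$1" "$2")" != "$1" ]
}

# The two SCRIPT_NAME / PATH_INFO pairs printed in the report above.
for pair in '/cgi-bin/scriptname /abc/def/g' \
            '/cgi-bin/scriptname/abc/def /abc/def/g'; do
    sn=${pair% *}
    pi=${pair#* }
    if script_name_is_suspect "$sn" "$pi"; then
        echo "suspect: $sn -> $(strip_pathinfo_overlap "$sn" "$pi")"
    else
        echo "ok:      $sn"
    fi
done
```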

