Hello,According to the rfc822#section-3.2, SPACE character is not allowed in the header field name. I have tested apache httpd version 2.2.16 and 2.4.12 and with both installations a header with the trailing space in the field name is passed to a CGI script's environment (in both cases mod_cgid is active if that matters). Attached you can find two simple tests and a simple CGI script used for these tests:
in first case used one header: X-MSISDN<SPACE>:<SPACE>test it is passed to CGI script as HTTP_X_MSISDN variable. in the second case I used two headers: X-MSISDN<SPACE>:<SPACE>test X-MSISDN:<SPACE>test2both translate to the same HTTP_X_MSISDN environment variable with two values separated by the comma.
Is there any reason to not ignore a header with the trailing space in the field name and pass it to the CGI environment?
If not, is it a bug or I am missing something? Thanks in advance, -- George Chelidze
$ telnet localhost 80 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /cgi-bin/test.pl HTTP/1.0 Host: localhost X-MSISDN : test HTTP/1.1 200 OK Date: Tue, 14 Apr 2015 05:48:52 GMT Server: Apache/2.4.12 (Unix) Connection: close Content-Type: text/html CONTEXT_DOCUMENT_ROOT = /opt/apache-httpd-2.4.12/cgi-bin/ CONTEXT_PREFIX = /cgi-bin/ DOCUMENT_ROOT = /opt/apache-httpd-2.4.12/htdocs GATEWAY_INTERFACE = CGI/1.1 HTTP_HOST = localhost HTTP_X_MSISDN = test LD_LIBRARY_PATH = /opt/apache-httpd-2.4.12/lib PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin QUERY_STRING = REMOTE_ADDR = 127.0.0.1 REMOTE_PORT = 48017 REQUEST_METHOD = GET REQUEST_SCHEME = http REQUEST_URI = /cgi-bin/test.pl SCRIPT_FILENAME = /opt/apache-httpd-2.4.12/cgi-bin/test.pl SCRIPT_NAME = /cgi-bin/test.pl SERVER_ADDR = 127.0.0.1 SERVER_ADMIN = [email protected] SERVER_NAME = localhost SERVER_PORT = 80 SERVER_PROTOCOL = HTTP/1.0 SERVER_SIGNATURE = SERVER_SOFTWARE = Apache/2.4.12 (Unix) Connection closed by foreign host.
$ telnet localhost 80 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /cgi-bin/test.pl HTTP/1.0 Host: localhost X-MSISDN : test X-MSISDN: test2 HTTP/1.1 200 OK Date: Tue, 14 Apr 2015 05:54:45 GMT Server: Apache/2.4.12 (Unix) Connection: close Content-Type: text/html CONTEXT_DOCUMENT_ROOT = /opt/apache-httpd-2.4.12/cgi-bin/ CONTEXT_PREFIX = /cgi-bin/ DOCUMENT_ROOT = /opt/apache-httpd-2.4.12/htdocs GATEWAY_INTERFACE = CGI/1.1 HTTP_HOST = localhost HTTP_X_MSISDN = test, test2 LD_LIBRARY_PATH = /opt/apache-httpd-2.4.12/lib PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin QUERY_STRING = REMOTE_ADDR = 127.0.0.1 REMOTE_PORT = 48128 REQUEST_METHOD = GET REQUEST_SCHEME = http REQUEST_URI = /cgi-bin/test.pl SCRIPT_FILENAME = /opt/apache-httpd-2.4.12/cgi-bin/test.pl SCRIPT_NAME = /cgi-bin/test.pl SERVER_ADDR = 127.0.0.1 SERVER_ADMIN = [email protected] SERVER_NAME = localhost SERVER_PORT = 80 SERVER_PROTOCOL = HTTP/1.0 SERVER_SIGNATURE = SERVER_SOFTWARE = Apache/2.4.12 (Unix) Connection closed by foreign host.
test.pl
Description: Perl program
