Using ssi include directive overwrites QUERY_STRING variable

Hi,
It looks like there is a serious bug in the handling of virtual includes
with Apaches SSI filter.

Take the following code:






If this is called with the query string "(url)?test=1" then the first echo
will print "test=1" as expected but the second one will output "abc=1".
Apparently the include in the middle completely obliterates the original
query string making it unusable for subsequent includes.

That's a major problem as soon as you use more than one SSI include with
QUERY_STRING in your pages.

According to the docs for "exec" the "CGI script is given the PATH_INFO and
query string (QUERY_STRING) of the original request from the client" and
"The include virtual element should be used in preference to exec cgi. In
particular, if you need to pass additional arguments to a CGI program,
using the query string, this cannot be done with exec cgi, but can be done
with include virtual, as shown here".
So I would expect the QUERY_STRING not to change when making virtual includes.

If I remove the following code from mod_include's output filter:
....
if (r->args) {
char *arg_copy = apr_pstrdup(r->pool, r->args);

apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
ap_unescape_url(arg_copy);
apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
ap_escape_shell_cmd(r->pool, arg_copy));
}
....

The QUERY STRING variable no longer gets changed and the called ssi2.php
still gets the "abc=1" as query string but I'm sure there is a reason for
this code to be there.

Regards,
Dennis

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Using ssi include directive overwritesQUERY_STRING variable

What version did you see this with? If not 2.2.15, it might be fixed in
2.2.15 by the subrequest headers fix. Give it a try.

Dan

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Using ssi include directive overwrites QUERY_STRINGvariable

On 04/05/2010 08:36 PM, Dan Poirier wrote:
> What version did you see this with? If not 2.2.15, it might be fixed in
> 2.2.15 by the subrequest headers fix. Give it a try.

I'm seeing this with 2.2.14, yesterdays fedora build of 2.2.15 and the
latest Centos 5 version 2.2.3-31.el5.centos.4

Regards,
Dennis

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Using ssi include directive overwrites QUERY_STRINGvariable

On 04/05/2010 09:35 PM, Dennis J. wrote:
> On 04/05/2010 08:36 PM, Dan Poirier wrote:
>> What version did you see this with? If not 2.2.15, it might be fixed in
>> 2.2.15 by the subrequest headers fix. Give it a try.
>
> I'm seeing this with 2.2.14, yesterdays fedora build of 2.2.15 and the
> latest Centos 5 version 2.2.3-31.el5.centos.4

BTW I filed a bug here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=49043

Regards,
Dennis

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org