httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis J." <>
Subject [users@httpd] Using ssi include directive overwrites QUERY_STRING variable
Date Mon, 05 Apr 2010 13:53:31 GMT
It looks like there is a serious bug in the handling of virtual includes 
with Apaches SSI filter.

Take the following code:
<!--#echo var="QUERY_STRING"-->
<!--#include virtual="/ssi2.php?abc=1"-->
<!--#echo var="QUERY_STRING"-->

If this is called with the query string "(url)?test=1" then the first echo 
will print "test=1" as expected but the second one will output "abc=1".
Apparently the include in the middle completely obliterates the original 
query string making it unusable for subsequent includes.

That's a major problem as soon as you use more than one SSI include with
QUERY_STRING in your pages.

According to the docs for "exec" the "CGI script is given the PATH_INFO and 
query string (QUERY_STRING) of the original request from the client" and 
"The include virtual  element should be used in preference to exec cgi. In 
particular, if you need to pass additional arguments to a CGI program, 
using the query string, this cannot be done with exec cgi, but can be done 
with include virtual, as shown here".
So I would expect the QUERY_STRING not to change when making virtual includes.

If I remove the following code from mod_include's output filter:
     if (r->args) {
         char *arg_copy = apr_pstrdup(r->pool, r->args);

         apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
         apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
                   ap_escape_shell_cmd(r->pool, arg_copy));

The QUERY STRING variable no longer gets changed and the called ssi2.php 
still gets the "abc=1" as query string but I'm sure there is a reason for 
this code to be there.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message