NetBSD Problem Report #40355

From jnemeth@cornerstoneservice.ca  Sat Jan 10 00:46:20 2009
Return-Path: <jnemeth@cornerstoneservice.ca>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id C000663B8BA
	for <gnats-bugs@gnats.netbsd.org>; Sat, 10 Jan 2009 00:46:19 +0000 (UTC)
Message-Id: <200901100046.n0A0kHau003299@server.cornerstoneservice.ca>
Date: Fri, 9 Jan 2009 16:46:17 -0800 (PST)
From: jnemeth@cornerstoneservice.ca
Reply-To: jnemeth@cornerstoneservice.ca
To: gnats-bugs@gnats.NetBSD.org
Subject: httpd doesn't ignore arguments to plain files
X-Send-Pr-Version: 3.95

>Number:         40355
>Category:       bin
>Synopsis:       httpd doesn't ignore arguments to plain files
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    mrg
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 10 00:50:00 +0000 2009
>Closed-Date:    Tue Aug 18 08:06:01 +0000 2009
>Last-Modified:  Tue Aug 18 08:06:01 +0000 2009
>Originator:     John Nemeth
>Release:        -current
>Organization:
Cornerstone Service
>Environment:
any -current system after httpd was imported
>Description:
	Some web based applications will request a plain file with
an add argument to do cache busting, i.e.:

http://website/directory/file?foo=<random number>

httpd will look for a file called "file?foo=<random number>" and
return a 404 error instead of simply ignoring the argument.
>How-To-Repeat:
	Try to fetch a plain file from a machine running httpd and
append an argument (see above for example).
>Fix:
	Drop arguments from requests for anything outside of cgi-bin.

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Sat, 18 Apr 2009 12:45:09 +0000
State-Changed-Why:
can you see if this is fixed recently?  i think the fixes from
coyote point may have covered this issue.

thanks.


Responsible-Changed-From-To: bin-bug-people->mrg
Responsible-Changed-By: mrg@NetBSD.org
Responsible-Changed-When: Sat, 18 Apr 2009 12:45:20 +0000
Responsible-Changed-Why:
mine


State-Changed-From-To: feedback->closed
State-Changed-By: jnemeth@NetBSD.org
State-Changed-When: Tue, 18 Aug 2009 08:06:01 +0000
State-Changed-Why:
Fixed some time ago, and working in 5.0.  Thanks!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.