[LEDE-DEV] uhttpd problems with env variable in cgi

Karl Palsson karlp at tweak.net.au
Fri Oct 20 15:57:16 PDT 2017


p.wassi at gmx.at wrote:
> Hi List,
> Hi Felix,
> 
> I currently experience kind of weird behavour in uhttpd, which
> I did not see in Chaos Calmer's version of uhttpd: When
> enabling HTTP authentication, the $QUERY_STRING is not always
> set to the value I expect it to be. Please have a look at [1],
> where I summarised the steps to (deterministically) reproduce
> the issue. Sometimes even (parts of) HTTP headers become
> visible in that variable. Once HTTP authentication is disabled,
> everything seems to be ok.
> 
> Best regards,
> P. Wassi
> 
> [1]:
> https://pwassi.privatedns.org/lede/uhttpd/

It doesn't seem related, but the biggest change I noticed moving
from CC to LEDE was that uhttpd now (correctly really) didn't
provide environment variables that were not provided as empty
strings as it had in the past. I had to deal with this cgi's that
were checking for env vars. [1]

There's really been very few commits to uhttpd, it shouldn't be
hard to bisect to the specific one that causes this. ~20 in the
last 2 years, and a few of them specifically related to auth
settings.

Cheers,
Karl P


[1]
https://git.lede-project.org/?p=project/uhttpd.git;a=commit;h=fa51d7fbc67aa27b423c50c77b817514de6def09
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.html
Type: application/pgp-signature
Size: 1161 bytes
Desc: OpenPGP Digital Signature
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20171020/67b16ee2/attachment.sig>


More information about the Lede-dev mailing list