404 handling for pre-parsed CGI handling
author Mischa POSLAWSKY <perl@shiar.org>
Fri, 27 Jul 2007 19:13:52 +0000 (19:13 +0000)
committer Mischa POSLAWSKY <perl@shiar.org>
Fri, 14 Mar 2008 00:29:14 +0000 (01:29 +0100)
When using SCRIPT_FILENAME provided by server, still make sure the file
exists. Lighttpd can provide non-existent files when setting check-local
is turned off.

PATH_TRANSLATED handling (i.e. Apache) is unaffected: always does 404
checking when walking the path.

PLP/CGI.pm

index ee81b37d0d0522001954b377540dc15bc1d595a5..9b72355c55eafd1050d20a7ae4fab305a2814fbe 100644 (file)
@@ -32,6 +32,11 @@ sub init {
                $ENV{SCRIPT_FILENAME} = $path;
                $ENV{SCRIPT_NAME} = $rel;
        }
+       elsif (not -f $ENV{SCRIPT_FILENAME}) {
+               print STDERR "PLP: Not found: $ENV{SCRIPT_FILENAME} ($ENV{REQUEST_URI})\n";
+               PLP::error(undef, 404);
+               return;
+       }
 
        $ENV{"PLP_$_"} = $ENV{"SCRIPT_$_"} for qw/NAME FILENAME/;
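
Review bot: the print STDERR line in the new elsif branch writes $ENV{SCRIPT_FILENAME} and $ENV{REQUEST_URI} into the error log verbatim, and REQUEST_URI comes from the client's request, so any control characters or newlines the server passes through would land in the log line unescaped. Consider logging sanitized copies, for example after applying s/[^\x20-\x7e]/?/g to each value. Separately, if SCRIPT_FILENAME is unset, the -f test evaluates undef and falls into this branch, and the interpolation then prints an empty path (with uninitialized-value warnings when warnings are enabled); a defined check, or a comment stating that the server always sets the variable on this code path, would make the intent clear.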