ghsa-3qgc-jrrr-25jv.phpt - OpenGrok history log for /php-src/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt

Revision		Date	Author	Comments
# 93826731		17-May-2024	Niels Dossche <7771979+nielsdos@users.noreply.github.com>	Fix GHSA-3qgc-jrrr-25jv The original code is error-prone due to the "best fit mapping" that happens with the argument parsing but not with the query string. When we get a non-ASCII c Fix GHSA-3qgc-jrrr-25jv The original code is error-prone due to the "best fit mapping" that happens with the argument parsing but not with the query string. When we get a non-ASCII character, try to remap it and see if it becomes a hyphen. An alternative approach is to create a custom main `wmain` receiving wide-character variations that does the ANSI transformation with the best-fit mapping, but that's more error-prone and could cause unexpected breakage. Another alternative was just don't doing this check altogether and always check for `cgi \|\| fastcgi` instead, but that breaks real-world use-cases. show more ...

Revision

Date

Author

Comments

# 93826731

17-May-2024

Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix GHSA-3qgc-jrrr-25jv

The original code is error-prone due to the "best fit mapping" that
happens with the argument parsing but not with the query string.
When we get a non-ASCII c

Fix GHSA-3qgc-jrrr-25jv

The original code is error-prone due to the "best fit mapping" that
happens with the argument parsing but not with the query string.
When we get a non-ASCII character, try to remap it and see if it becomes
a hyphen.

An alternative approach is to create a custom main `wmain` receiving
wide-character variations that does the ANSI transformation with the
best-fit mapping, but that's more error-prone and could cause unexpected
breakage.

Another alternative was just don't doing this check altogether and
always check for `cgi || fastcgi` instead, but that breaks real-world
use-cases.