aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristopher Brannon <chris@the-brannons.com>2021-07-31 21:09:51 -0700
committerChristopher Brannon <chris@the-brannons.com>2021-07-31 21:09:51 -0700
commit0d556243b8aba50e0bc638f0669702bf9f211641 (patch)
treea7ff27e9a311a9f9403834239443754bc894e2cc
parent5aa3eff924e2d9278205e66b824ceec51856d5a7 (diff)
downloadnawp-0d556243b8aba50e0bc638f0669702bf9f211641.tar
nawp-0d556243b8aba50e0bc638f0669702bf9f211641.tar.gz
nawp-0d556243b8aba50e0bc638f0669702bf9f211641.tar.bz2
nawp-0d556243b8aba50e0bc638f0669702bf9f211641.tar.lz
nawp-0d556243b8aba50e0bc638f0669702bf9f211641.tar.xz
nawp-0d556243b8aba50e0bc638f0669702bf9f211641.tar.zst
nawp-0d556243b8aba50e0bc638f0669702bf9f211641.zip
Work around some legacy behavior on some web servers.0.2
https://en.wikipedia.org/wiki/Query_string#Indexed_search Some servers -- notably Apache and thttpd -- will take a query string that has no encoded = character and split it into command line arguments passed to the script. That's harmful here.
-rwxr-xr-xnawp.scm2
1 files changed, 1 insertions, 1 deletions
diff --git a/nawp.scm b/nawp.scm
index df8fa7c..5bc6f07 100755
--- a/nawp.scm
+++ b/nawp.scm
@@ -347,7 +347,7 @@
(define (main)
(match (command-line-arguments)
- (() (cgi-main))
+ (() (when (get-environment-variable "GATEWAY_INTERFACE") (cgi-main)))
((adduser username display-name)
(add-user username (read-password "Password: ") display-name))
(everything-else (help))))