From bb5c2cd12e7d8c523dfb7912d997c842e102d271 Mon Sep 17 00:00:00 2001 From: low012 Date: Fri, 2 Jan 2009 11:18:26 +0000 Subject: [PATCH] *) ISINDEX parameters will not be put on commandline anymore to prevent possible security hazards (better safe than sorry). Parmeters will have to be read from QUERY_STRING in ISINDEX case too which does not seem to be uncommon behaviour for web servers: http://vms.pdv-systeme.de/users/martinv/cgi_basics/cgi_basics.html#Datenuebergabe git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@5431 6c8d7289-2bf4-0310-a012-ef5d649a1542 --- source/de/anomic/http/httpdFileHandler.java | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/source/de/anomic/http/httpdFileHandler.java b/source/de/anomic/http/httpdFileHandler.java index 796bea58f..b4c77c82c 100644 --- a/source/de/anomic/http/httpdFileHandler.java +++ b/source/de/anomic/http/httpdFileHandler.java @@ -578,19 +578,9 @@ public final class httpdFileHandler { String mimeType = "text/html"; int statusCode = 200; - boolean argToCommandline = false; - // see http://hoohoo.ncsa.uiuc.edu/cgi/cl.html) - if (argsString != null && !argsString.contains("=")) { - argToCommandline = true; - } - ProcessBuilder pb; - if (argToCommandline) { - pb = new ProcessBuilder(targetFile.getAbsolutePath(), argsString); - } else { - pb = new ProcessBuilder(targetFile.getAbsolutePath()); - } + pb = new ProcessBuilder(targetFile.getAbsolutePath()); // set environment variables Map env = pb.environment(); @@ -634,7 +624,7 @@ public final class httpdFileHandler { OutputStream os = new BufferedOutputStream(p.getOutputStream()); - if (!argToCommandline && method.equalsIgnoreCase(httpHeader.METHOD_POST) && body != null) { + if (method.equalsIgnoreCase(httpHeader.METHOD_POST) && body != null) { byte[] buffer = new byte[1024]; int len = requestHeader.getContentLength(); while (len > 0) {