[ic] Adding backdoor for Interchange administration to the dancefloor
Jon Jensen
jon at endpoint.com
Fri Sep 14 22:53:16 UTC 2012
On Fri, 14 Sep 2012, Stefan Hornburg (Racke) wrote:
> Does anyone know which kind of commandline parameters can be passed to
> CGI in order to adjust the send_arguments function for the plugin?
Welcome to the 1990s!
Mike may be the only one who remembers for sure, but I think that dates
from the Minivend 3 days before named arguments were used in GET requests,
as defined in section 7 of the CGI spec:
http://tools.ietf.org/html/draft-robinson-www-interface-00
and as parsed by Interchange in &Vend::Server::parse_post (which gets
called for GET requests too), in the current version's lines 378-383:
if( defined $pairs[0] and $pairs[0] =~ /^ (\w{8,32})? ; /x) {
@CGI::values{qw/ mv_session_id mv_arg mv_pc /}
= split /;/, $pairs[0], 3;
shift @pairs;
}
Back then a Minivend 3 URL looked something like:
http://site/cgi-bin/vlink/flypage?01234567;somesku;987
And as per CGI spec, because there's no unencoded = in the query string,
it's passed as a command line argument to the CGI program, appearing as
@ARGV.
The whole arg will show up in $ARGV[0] unless there are + characters, in
which case those are spaces and it splits the other words into the rest of
@ARGV.
Anyway, Mike would have to confirm, but if I'm remembering this right, and
you're not using ancient Minivend 3 args, you can probably just ignore
this stuff altogether for your Dancer plugin.
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
More information about the interchange-users
mailing list