[ic] Adding backdoor for Interchange administration to the dancefloor

Sat Sep 15 14:02:28 UTC 2012

Quoting Jon Jensen (jon at endpoint.com):
> On Fri, 14 Sep 2012, Stefan Hornburg (Racke) wrote:
> 
> >Does anyone know which kind of commandline parameters can be
> >passed to CGI in order to adjust the send_arguments function for
> >the plugin?
> 
> Welcome to the 1990s!
> 
> Mike may be the only one who remembers for sure, but I think that
> dates from the Minivend 3 days before named arguments were used in
> GET requests, as defined in section 7 of the CGI spec:
> 
> http://tools.ietf.org/html/draft-robinson-www-interface-00
> 
> and as parsed by Interchange in &Vend::Server::parse_post (which
> gets called for GET requests too), in the current version's lines
> 378-383:
> 
>     if( defined $pairs[0] and $pairs[0] =~ /^   (\w{8,32})? ; /x)  {
>         @CGI::values{qw/ mv_session_id mv_arg mv_pc /}
>             = split /;/, $pairs[0], 3;
>         shift @pairs;
>     }
> 
> Back then a Minivend 3 URL looked something like:
> 
> http://site/cgi-bin/vlink/flypage?01234567;somesku;987
> 
> And as per CGI spec, because there's no unencoded = in the query
> string, it's passed as a command line argument to the CGI program,
> appearing as @ARGV.
> 
> The whole arg will show up in $ARGV[0] unless there are +
> characters, in which case those are spaces and it splits the other
> words into the rest of @ARGV.
> 
> Anyway, Mike would have to confirm, but if I'm remembering this
> right, and you're not using ancient Minivend 3 args, you can
> probably just ignore this stuff altogether for your Dancer plugin.

This is correct. Certainly you don't have to provide args, which could
even be removed from Interchange at this point -- no one uses them.
I would think you could manipulate any of the standard %ENV arguments
to do anything you want.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.253.4194  <mike at perusion.com>

I have a cop friend who thinks he ought be able to give a new ticket;
"too dumb for conditions".