[ic] Adding backdoor for Interchange administration to the dancefloor
Mike Heins
mike at perusion.com
Sat Sep 15 14:02:28 UTC 2012
Quoting Jon Jensen (jon at endpoint.com):
> On Fri, 14 Sep 2012, Stefan Hornburg (Racke) wrote:
>
> >Does anyone know which kind of commandline parameters can be
> >passed to CGI in order to adjust the send_arguments function for
> >the plugin?
>
> Welcome to the 1990s!
>
> Mike may be the only one who remembers for sure, but I think that
> dates from the Minivend 3 days before named arguments were used in
> GET requests, as defined in section 7 of the CGI spec:
>
> http://tools.ietf.org/html/draft-robinson-www-interface-00
>
> and as parsed by Interchange in &Vend::Server::parse_post (which
> gets called for GET requests too), in the current version's lines
> 378-383:
>
> if( defined $pairs[0] and $pairs[0] =~ /^ (\w{8,32})? ; /x) {
> @CGI::values{qw/ mv_session_id mv_arg mv_pc /}
> = split /;/, $pairs[0], 3;
> shift @pairs;
> }
>
> Back then a Minivend 3 URL looked something like:
>
> http://site/cgi-bin/vlink/flypage?01234567;somesku;987
>
> And as per CGI spec, because there's no unencoded = in the query
> string, it's passed as a command line argument to the CGI program,
> appearing as @ARGV.
>
> The whole arg will show up in $ARGV[0] unless there are +
> characters, in which case those are spaces and it splits the other
> words into the rest of @ARGV.
>
> Anyway, Mike would have to confirm, but if I'm remembering this
> right, and you're not using ancient Minivend 3 args, you can
> probably just ignore this stuff altogether for your Dancer plugin.
This is correct. Certainly you don't have to provide args, which could
even be removed from Interchange at this point -- no one uses them.
I would think you could manipulate any of the standard %ENV arguments
to do anything you want.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.253.4194 <mike at perusion.com>
I have a cop friend who thinks he ought be able to give a new ticket;
"too dumb for conditions".
More information about the interchange-users
mailing list