Merge from 3.0 fixes branch

[disorder] / server / cgimain.c

diff --git a/server/cgimain.c b/server/cgimain.c
index 5f83e7a64e943af0952970457350e1d42f3fc6a2..5a79bb56c75418b4c9e2d5c792f2df1a6ae04298 100644 (file)
--- a/server/cgimain.c
+++ b/server/cgimain.c
@@ -78,6 +78,15 @@ int main(int argc, char **argv) {
   struct cookiedata cd;
 
   if(argc > 0) progname = argv[0];
+  /* RFC 3875 s8.2 recommends rejecting PATH_INFO if we don't make use of
+   * it. */
+  if(getenv("PATH_INFO")) {
+    printf("Content-Type: text/html\n");
+    printf("Status: 404\n");
+    printf("\n");
+    printf("<p>Sorry, PATH_INFO not supported.</p>\n");
+    exit(0);
+  }
   cgi_parse();
   if((conf = getenv("DISORDER_CONFIG"))) configfile = xstrdup(conf);
   if(getenv("DISORDER_DEBUG")) debugging = 1;
@@ -108,10 +117,10 @@ int main(int argc, char **argv) {
       }
       if(best_cookie != -1)
        login_cookie = cd.cookies[best_cookie].value;
-    }
+    } else
+      error(0, "could not parse cookie field '%s'", cookie_env);
   }
   disorder_cgi_login(&s, &output);
-  /* TODO RFC 3875 s8.2 recommendations e.g. concerning PATH_INFO */
   disorder_cgi(&output, &s);
   if(fclose(stdout) < 0) fatal(errno, "error closing stdout");
   return 0;