X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/ac169f8a164a2a9e67e0d1d9392ed7994ea1b88b..3fbdc96d45fbf2abcc93ed2e8ad206bc540be92b:/server/cgimain.c
diff --git a/server/cgimain.c b/server/cgimain.c
index 5f83e7a..5a79bb5 100644
--- a/server/cgimain.c
+++ b/server/cgimain.c
@@ -78,6 +78,15 @@ int main(int argc, char **argv) {
 struct cookiedata cd;
 if(argc > 0) progname = argv[0];
+ /* RFC 3875 s8.2 recommends rejecting PATH_INFO if we don't make use of
+ * it. */
+ if(getenv("PATH_INFO")) {
+ printf("Content-Type: text/html\n");
+ printf("Status: 404\n");
+ printf("\n");
+ printf("

Sorry, PATH_INFO not supported.

\n");
+ exit(0);
+ }
 cgi_parse();
 if((conf = getenv("DISORDER_CONFIG"))) configfile = xstrdup(conf);
 if(getenv("DISORDER_DEBUG")) debugging = 1;
@@ -108,10 +117,10 @@ int main(int argc, char **argv) {
 }
 if(best_cookie != -1) login_cookie = cd.cookies[best_cookie].value;
- }
+ } else
+ error(0, "could not parse cookie field '%s'", cookie_env);
 }
 disorder_cgi_login(&s, &output);
- /* TODO RFC 3875 s8.2 recommendations e.g. concerning PATH_INFO */
 disorder_cgi(&output, &s);
 if(fclose(stdout) < 0) fatal(errno, "error closing stdout");
 return 0;
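Review bot: In the `@@ -78,6 +78,15 @@` hunk, the guard `if(getenv("PATH_INFO"))` fires whenever the variable exists, even when its value is empty. RFC 3875 s4.1 does not distinguish a zero-length value from a missing one, so a server that exports `PATH_INFO=` on every request would make the CGI answer 404 to everything; testing the value as well avoids that, with `const char *path_info = getenv("PATH_INFO");` and `if(path_info && *path_info) {`. The `Status: 404` line also lacks the reason phrase that RFC 3875 s6.3.3 puts in the Status field, so `printf("Status: 404 Not Found\n");` is the safer form. The fixed response body never echoes PATH_INFO back to the client, which is worth keeping that way. main() starts before and continues after this hunk, so the new declaration would sit with the others at its top.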
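Review bot: In the `@@ -108,10 +117,10 @@` hunk, the added `error(0, "could not parse cookie field '%s'", cookie_env);` writes the client's whole Cookie value into the log. That value is client-controlled and can still carry a valid login cookie next to whatever made parsing fail, so session credentials and arbitrary bytes end up wherever error() reports. I would log the failure without the value, `error(0, "could not parse cookie field");`, and emit the raw field only when `debugging` is set. The new `else` is also left unbraced after a braced `if`, which is easy to break when a second statement is added later. The `if` that this `else` belongs to opens outside the hunk.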