Ticket #567 (closed defect: fixed)
HTTP POST handling non-compliant, and failing
|Reported by:||rob@…||Owned by:||mapserverbugs|
HTTP POST handling issues: Registered as a single bug because a single fix is required. HTTP POST handling (cgiutil.c) has a number of problems. 1) requires header Content-Length to be set - this is unfriendly and also not compliant unless you somehow force the server also to advertise it is restricted to HTTP/1.0 2) use of function fread causes pain - cannot have perfectly legal newlines in XML encoding: eg <?xml version="1.0" encoding="UTF-8"?> <wfs:GetFeature maxFeatures="10" ..... fails, whereas <?xml version="1.0" encoding="UTF-8"?><wfs:GetFeature maxFeatures="10" .... works 3) use of Content-Length header to malloc memory without checks on sanity (size) or success of malloc not so good (have to make sure that fix does not introduce buffer overrun vulnerabilities) 4) does not wait for content to be supplied - if you fail to flush() the URL output connection immediately after writing it dies with a non-compliant effor message - having fallen through processing out of OGC handlers (not sure why fread does not block to be honest) 5) on fall through, or other errors described, does not respond with valid error format
Note: See TracTickets for help on using tickets.