bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [bug #45443] http_proxy variable should also work for cap


From: Tim Ruehsen
Subject: Re: [Bug-wget] [bug #45443] http_proxy variable should also work for capitalized HTTP_PROXY
Date: Tue, 30 Jun 2015 15:02:16 +0200
User-agent: KMail/4.14.2 (Linux/4.0.0-2-amd64; KDE/4.14.2; x86_64; ; )

On Tuesday 30 June 2015 11:20:28 Daniel Stenberg wrote:
> On Tue, 30 Jun 2015, NoëlKöthe wrote:
> 
> (Pruned the receivers list to the wget list only.)
> 
> The reason some tools don't accept "HTTP_PROXY" and only "http_proxy" is
> that the CGI interface from back in the old days provide headers from the
> incoming request to the CGI program prefixed with "HTTP_".
> 
> Thus, running a CGI script from a server, an incoming "Proxy:" header (which
> normally doesn't do anything) would be sent to the program as "HTTP_PROXY",
> leading to confusions or in the worst case some sort of attack.
> 
> The CGI interface is an ancient thing, probably boardering to extinction.
> Still it is out there and some such CGIs probably use wget.
> 
> Incidently, curl also only accepts the lower case version of this
> environment variable and I believe it goes for some other related tools as
> well.

Thanks for pointing that out, Daniel.
This a very valuable information which needs to be mentioned in the code (and 
docs) as well.

From the orginal bug report 
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790523):
"wget does not recognize proxy variables when capitalized correctly. It wants
them in lowercase, which conflicts with private variables in my script."
 
Even if wget becomes changed to *also* recognize uppercase proxy variables, 
the bug reporter will still have a problem with his script variable names (at 
least it sounds so for me).
Dropping support for the lowercase variant is not an option.

For me it looks like a WONTFIX.

Tim

Attachment: signature.asc
Description: This is a digitally signed message part.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]