[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [bug #45443] http_proxy variable should also work for cap
From: |
Tim Ruehsen |
Subject: |
Re: [Bug-wget] [bug #45443] http_proxy variable should also work for capitalized HTTP_PROXY |
Date: |
Tue, 30 Jun 2015 15:02:16 +0200 |
User-agent: |
KMail/4.14.2 (Linux/4.0.0-2-amd64; KDE/4.14.2; x86_64; ; ) |
On Tuesday 30 June 2015 11:20:28 Daniel Stenberg wrote:
> On Tue, 30 Jun 2015, NoëlKöthe wrote:
>
> (Pruned the receivers list to the wget list only.)
>
> The reason some tools don't accept "HTTP_PROXY" and only "http_proxy" is
> that the CGI interface from back in the old days provide headers from the
> incoming request to the CGI program prefixed with "HTTP_".
>
> Thus, running a CGI script from a server, an incoming "Proxy:" header (which
> normally doesn't do anything) would be sent to the program as "HTTP_PROXY",
> leading to confusions or in the worst case some sort of attack.
>
> The CGI interface is an ancient thing, probably boardering to extinction.
> Still it is out there and some such CGIs probably use wget.
>
> Incidently, curl also only accepts the lower case version of this
> environment variable and I believe it goes for some other related tools as
> well.
Thanks for pointing that out, Daniel.
This a very valuable information which needs to be mentioned in the code (and
docs) as well.
From the orginal bug report
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790523):
"wget does not recognize proxy variables when capitalized correctly. It wants
them in lowercase, which conflicts with private variables in my script."
Even if wget becomes changed to *also* recognize uppercase proxy variables,
the bug reporter will still have a problem with his script variable names (at
least it sounds so for me).
Dropping support for the lowercase variant is not an option.
For me it looks like a WONTFIX.
Tim
signature.asc
Description: This is a digitally signed message part.