[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [bug #45443] http_proxy variable should also work for cap
Re: [Bug-wget] [bug #45443] http_proxy variable should also work for capitalized HTTP_PROXY
Tue, 30 Jun 2015 15:02:16 +0200
KMail/4.14.2 (Linux/4.0.0-2-amd64; KDE/4.14.2; x86_64; ; )
On Tuesday 30 June 2015 11:20:28 Daniel Stenberg wrote:
> On Tue, 30 Jun 2015, NoëlKöthe wrote:
> (Pruned the receivers list to the wget list only.)
> The reason some tools don't accept "HTTP_PROXY" and only "http_proxy" is
> that the CGI interface from back in the old days provide headers from the
> incoming request to the CGI program prefixed with "HTTP_".
> Thus, running a CGI script from a server, an incoming "Proxy:" header (which
> normally doesn't do anything) would be sent to the program as "HTTP_PROXY",
> leading to confusions or in the worst case some sort of attack.
> The CGI interface is an ancient thing, probably boardering to extinction.
> Still it is out there and some such CGIs probably use wget.
> Incidently, curl also only accepts the lower case version of this
> environment variable and I believe it goes for some other related tools as
Thanks for pointing that out, Daniel.
This a very valuable information which needs to be mentioned in the code (and
docs) as well.
From the orginal bug report
"wget does not recognize proxy variables when capitalized correctly. It wants
them in lowercase, which conflicts with private variables in my script."
Even if wget becomes changed to *also* recognize uppercase proxy variables,
the bug reporter will still have a problem with his script variable names (at
least it sounds so for me).
Dropping support for the lowercase variant is not an option.
For me it looks like a WONTFIX.
Description: This is a digitally signed message part.