Guy Decoux says:
>Apparently, CERN Daemon, NCSA Daemon and Plexus don't give the same
>"PATH_INFO" when there is a "+" in the pathname.
>Who are right ?
[example with GET /cgi-bin/a/essai[+%3B+]?a deleted ]
Oh dear, I'm afraid the answer is none of them. In this case,
PATH_INFO should be:
The server should not un-escape PATH_INFO. Otherwise, things
like GET /cgi-bin/a/path%2Finfo do a very wrong thing. I just wrote
on this in more detail, see http://www.cs.ubc.ca/spider/phillips/CGI-muse
I think some bug fixing needs to be done, but we should clarify these
details in the spec, first.
Rob McCool said:
>One of the most popular (in fact, the only one I've gotten) complaints about
>CGI is the fact that the non-nph script's output is stripped of everything
>except Location: and Content-type:.
I also concur with the solution of just letting the headers through.
Happily, that change can go along with escaping fixups.
For CGI/1.1 we may want to consider npa (no parse anything) scripts which
get fed everything the client sends and talk directly back to the client.
It's a punt, but it'll at least let script authors do anything
(authentication, experimental things, etc.) until a new version of
CGI catches up with new HTTP/1.0 protocol features.