Re: CGI/1.0: last call (fwd)
robm@ncsa.uiuc.edu (Rob McCool)
Message-id: <9312050213.AA06691@void.ncsa.uiuc.edu>
From: robm@ncsa.uiuc.edu (Rob McCool)
Date: Sat, 4 Dec 1993 20:12:59 -0600
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: www-talk@nxoc01.cern.ch
Subject: Re: CGI/1.0: last call (fwd)
/*
* Re: CGI/1.0: last call (fwd) by John Franks (john@math.nwu.edu)
* written on Dec 4, 10:09am.
*
* Generally very good. I have no problems with the spec. I also would
* like to see the examples Ari mentions. In fact it would be nice if
* there were simple minded examples of almost everything. Not example
* scripts, but something along the lines of
*
* ------------------
* Script writes to stdout:
*
* Location: http://hoohoo.ncsa.uiuc.edu/cgi/
*
* Server action:
*
* Issues HTTP/1.0 redirect message redirecting to URL
* http://hooh0.ncsa.edu/cgi/
*
* ------------------
I'll add examples to everything to make things clearer.
* Also I find the following passage somewhat unclear:
*
* > The command line is only used in the case of an ISINDEX query. It is
* > not used in the case of an HTML form or any as yet undefined query
* > type. The server should search the query information for a non-encoded
* > + character to determine if the command line is to be used.
*
* > If the server finds one, it will decode the query information by first
* > splitting it on the pluses given in the URL. It will then perform the
* > additional decoding before placing the resulting words on
* > argv[1....].
*
* > If the server finds that it cannot send the string due to internal
* > limitations (such as exec() or /bin/sh command line restrictions) the
* > server should include NO command line information and provide the
* > non-decoded query information in the environment variable
* > QUERY_STRING.
*
* I assume the query information is everything after the ? in the URL.
Yep.
* Will the client always put a + in this string? What if it is a single
* word search term? I guess I don't understand how the + works to
* determine whether or not to use the command line. What does the
* server do if there is no + so it shouldn't the commannd line?
* (presumably it does the same thing it does when command line
* retstrictions prevent it from using the command line.) Examples here
* would help a lot. Probably I don't understand this because I haven't
* been paying attention, but of course new people will need to read this
* document without the benefit of the discussion in its creation.
Hmmm. This is a problem. I hadn't thought of that. To answer your question,
a plus would only appear in an isindex query, since we are trusting the
client to % encode spaces in form requests. However, I had forgotten that
not all ISINDEX queries will have a + in them.
Perhaps instead of using a + to test if a given request is an isindex
request, perhaps we should use whether there is an = in the request to
detect if it's a form request and only decode if it's not a form request.
The problem with that is that it leaves room for error in future
endeavors... what if the next FORMS+ interface doesn't have = in it? The
server shouldn't decode the string but it will if it doesn't find an =
sign...
* Should the server always put the query information in the variable
* QUERY_STRING, even when using the command line?
Yes.
* I have no quibble, but is there a rationale for decoding for the
* command line and not for the QUERY_STRING? Also a reference to what
* it means to decode the query information, i.e. say it means the
* standard URL decoding and give a reference for that.
Some scripts will want the query information untouched, which is what
QUERY_STRING is for. Decoding the command line for ISINDEX scripts is to
reduce the load on small script writers.
* A final nit. I would find it easier to read (and print) if it were a
* single html doc with internal links rather than several html docs with
* hyperlinks.
*
*
*
* John Franks Dept of Math. Northwestern University
* john@math.nwu.edu
*
*/