« MTEntryExcerpt | Main | 64-bit xine-lib fix »

CGI.pm bug

I've tried this on a number of Movable Type 3.2 blogs out there, and it doesn't happen on theirs, but when you pass a badly formed query string to a CGI script, such as the query string in the Select a Design using StyleCatcher link at the bottom of the Templates page, extlib/CGI.pm croaks with the error:

Use of uninitialized value in hash element at /mt/extlib/CGI.pm line 554

That's if you're lucky and you're debugging with cgiwrapd. Otherwise you will probably just get an HTTP 500 Internal Server Error.

The offending link looks like this:

/mt/plugins/StyleCatcher/stylecatcher.cgi?;from=list_templates;blog_id=1

But I was also able to make mt.cgi die by just passing it

/mt/mt.cgi?;foo

Here's a patch which fixes the problem for me.

--- MT-3.2-en_US/extlib/CGI.pm  Wed Oct 12 08:55:56 2005
+++ mt/extlib/CGI.pm    Tue Jul 11 19:18:56 2006
@@ -546,6 +546,7 @@
     my($param,$value);
     foreach (@pairs) {
        ($param,$value) = split('=',$_,2);
+       next if not defined $param;
        next if $NO_UNDEF_PARAMS and not defined $value;
        $value = '' unless defined $value;
        $param = unescape($param);

TrackBack

TrackBack URL for this entry:
http://huangfamily.com/cgi-sys/cgiwrap/mhuang/mt/mt-tb.cgi/43

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)