FIX: Extra Invalid Characters in String Arguments (152968)

SYMPTOMS

When the POST method is used to send information from an HTML form to an MFC ISAPI DLL, the last parameter in the function handling command may have extra characters that are not part of the actual input. This will happen if the last parameter is a string.

CAUSE

When the POST method is used, the input from the IIS server may contain extra characters that are not part of the input. These extra characters are sent by a browser. The code in MFC does not handle this situation correctly and appends these extra characters to the last parameter of your function if it is a string.

MORE INFORMATION

Sample Code

Add the following prototype to the CHttpServer derived class:

   #if (_MFC_VER == 0x0410)

       virtual int CallFunction(CHttpServerContext* pCtxt,
           LPTSTR pszQuery, LPTSTR pszCommand);

   #endif

and the following code to the .CPP file for the class:

   #if (_MFC_VER == 0x0410)

   // Replace CMyServerExtension with the name of your
   // CHttpServer derived class.

   int CMyServerExtension::CallFunction(CHttpServerContext* pCtxt,
       LPTSTR pszQuery, LPTSTR pszCommand)
   {
       DWORD dw = 100;
       char clen[100];

       BOOL bRet = pCtxt->GetServerVariable("CONTENT_LENGTH", clen, &dw);

       if (bRet)
       {
           long len = atoi(clen);

           *(pszQuery + len) = '\0';
       }

       return CHttpServer::CallFunction(pCtxt, pszQuery, pszCommand);
   }

   #endif

The CONTENT_LENGTH server variable contains the correct length of the data sent from an HTML form. This function uses that length to remove the extra characters appended at the end before parameters are extracted.

FIX: Extra Invalid Characters in String Arguments (152968)

SYMPTOMS

CAUSE

RESOLUTION

STATUS

MORE INFORMATION

Sample Code