重现步骤创建一个bash脚本,通过NGINX从FastCGI运行,在URL栏中不提供任何变量。
Nginx位置:
location ~ (\.cgi|\.py|\.sh|\.pl|\.lua)$ { gzip off; autoindex on; fastcgi_pass unix:/var/run/fcgiwrap.socket; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; }
Bash脚本的顶部:
# Save the old internal field separator. OIFS="$IFS" # Set the field separator to & and parse the QUERY_STRING at the ampersand. IFS="${IFS}&" set $QUERY_STRING Args="$*" IFS="$OIFS"
预期输出:没什么
实际输出: 请注意,输出已经过消毒
BASH = /斌/庆典 BASHOPTS = “” BASH_ALIASES = “”
BASH_ARGC = “”
BASH_ARGV = “” BASH_CMDS = “”
BASH_LINENO = “”
BASH_SOURCE = “”
BASH_VERSINFO = “” BASH_VERSION = “”`
CONTENT_LENGTH = “”
CONTENT_TYPE = “”
DAEMON_OPTS = “” DIRSTACK = “”
DOCUMENT_ROOT = “”
DOCUMENT_URI = “”
EUID = “”
FCGI_ROLE = “” GATEWAY_INTERFACE = “”
组= “”
HOME = “”
HOSTNAME = “”
HOSTTYPE = “” HTTPS = “”
HTTP_ACCEPT = “”
HTTP_ACCEPT_ENCODING = “” HTTP_ACCEPT_LANGUAGE = “”
HTTP_CONNECTION = “”
HTTP_COOKIE = CID = “” HTTP_HOST = “”
HTTP_UPGRADE_INSECURE_REQUESTS = “”
HTTP_USER_AGENT = “”
IFS = “”
INVOCATION_ID = “”
JOURNAL_STREAM = “”
LANG = “”
LOGNAME = “” MACHTYPE = “”
的OIF = “”
OPTERR = “”
OPTIND = “”
OSTYPE = “”
PATH = “” PIPESTATUS = “”
PPID = “”
PS4 = “”
PWD = “”
QUERY_STRING = “”
REDIRECT_STATUS = “” REMOTE_ADDR = “”
REMOTE_PORT = “”
REQUEST_METHOD = “”
REQUEST_SCHEME = “” REQUEST_URI = “”
SCRIPT_FILENAME = “”
SCRIPT_NAME = “”
SERVER_ADDR = “” SERVER_NAME = “”
SERVER_PORT = “”
SERVER_PROTOCOL = “”
SERVER_SOFTWARE = “” SHELL = “”
SHELLOPTS = “”
SHLVL = “”
TERM = “”
UID = “”
USER = “” _ = “”
答案 0 :(得分:1)
我不确定set $QUERY_STRING
行的意图是什么,但那是导致输出的那一行。如果在没有任何有效选项的情况下调用它,则bash中的set builtin将输出环境。