This can be a strange one. :)

I've got a script running under Apache 1.3, with Apache::PerlRun use of mod_perl. It uses the conventional CGI.pm module. It is a regularly utilized script on the busy server, utilized over https.

The URL is usually something similar to...

/script.pl?action=edit&id=47049

That is then introduced into Perl the typical way...

my $action = $cgi->param("action");
my $id = $cgi->param("id");

This has worked effectively for a few years. However we began getting support demands now from your clients who have been being able to access this script and becoming blank pages. We already were built with a line such as the after that place the current URL right into a form we use for clients to benefit by an problem in regards to a page...

$cgi->url(-query => 1);

So when we percieve supply of the page, caused by that command is identical URL, however with a completely different query string.

/script.pl?action=login&user=foo&password=bar

A question string that people recognise to be from the completely different script elsewhere on our bodies.

However crazy it may sound, it appears that after customers are being able to access a URL having a query string, the query string the script is seeing is a from the previous request on another script. Obviously the script can't handle that action and results nothing.

We've got some automated test scripts running to determine how frequently this occurs, and it is its not all time. To throw additional confusion in to the mix, after an Apache restart, the issue appears to initially disappear completely simply to return later. So whatever is leading to it's in some way relieved with a restart, but we can not observe how Apache may possibly go ahead and take request in one user and change things up with another.

This, it seems, is definitely an interesting mixture of Apache 1.3, mod_perl 1.31, CGI.pm and Apache::GTopLimit.

A bug was drenched against CGI.pm in May this past year: RT #57184

That also references CGI.pm params not being cleared?

CGI.pm registers a cleanup handler to be able to cleanup all it's cache.... (line 360)

$r->register_cleanup(\&CGI::_reset_globals);

Apache::GTopLimit (like Apache::SizeLimit pointed out within the bug report) also offers a handler such as this:

$r->post_connection(\&exit_if_too_big) if $r->is_main;

In pre mod_perl 1.31, publish_connection and register_cleanup seems to push to the stack, during 1.31 it seems as though the GTopLimit one clobbers the CGI.pm entry. Therefore if your GTopLimit function fires since the Apache process has to large, then CGI.pm will not be cleared up, departing it available to coming back exactly the same parameters next time you utilize it.

The answer appears to become to alter line 360 of CGI.pm to

$r->push_handlers( 'PerlCleanupHandler', \&CGI::_reset_globals);

Which clearly pushes the handler to the list.

Our restart of Apache temporarily resolved the issue since it reduced how big all of the processes and gave GTopLimit pointless to fireplace.

And that we assume it's made an appearance in the last couple of days because we've elevated how big the Apache process through either new developments which incorporated something which wasn't before.

All tests to date indicate this being the problem, so fingers entered it's!