Does uncgi strip out special shell characters that might cause security problems?
No, for the simple reason that uncgi isn’t tied to any one shell, or any shell at all, for that matter. It sits in front of C programs just as easily as Bourne shell scripts, just as easily as Perl scripts or Python scripts. (All of which are used in conjunction with uncgi at Midwinter, incidentally.) In most of those languages, there aren’t any special characters that’d inherently be security problems, so having uncgi strip characters that cause problems for a particular shell would just end up pointlessly mangling the input to other kinds of scripts and programs. And people using shells with different special characters would still have to specially handle them anyway. On most UNIXes, you can use the “tr -d” command to strip out characters your shell processes specially.
