- char *QUERY_STRING;
-
- QUERY_STRING = getenv("QUERY_STRING");
- if (!QUERY_STRING
- || QUERY_STRING[0] != '/'
- || strstr(QUERY_STRING, "//")
- || strstr(QUERY_STRING, "/../")
- || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
+ char *location;
+
+ location = getenv("REQUEST_URI");
+ if (!location)
+ return 1;
+
+ /* drop URL arguments if any */
+ strchrnul(location, '?')[0] = '\0';
+
+ if (location[0] != '/'
+ || strstr(location, "//")
+ || strstr(location, "/../")
+ || strcmp(strrchr(location, '/'), "/..") == 0