You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/04/13 21:02:35 UTC
DO NOT REPLY [Bug 39306] New: - Documentation for ScriptInterpreterSource is not specific enough
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39306>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39306
Summary: Documentation for ScriptInterpreterSource is not
specific enough
Product: Apache httpd-2
Version: 2.2-HEAD
Platform: PC
URL: http://httpd.apache.org/docs/2.2/mod/core.html#scriptint
erpretersource
OS/Version: Windows Server 2003
Status: NEW
Severity: normal
Priority: P3
Component: Documentation
AssignedTo: bugs@httpd.apache.org
ReportedBy: brett-hunsaker@automation-software.com
The description of the Registry and Registry-Strict parameters is imprecise
when it references which registry value is used. The current implementation
uses the (Default) value of the key.
MightI suggest the following description:
Setting ScriptInterpreterSource Registry will cause the Windows Registry tree
HKEY_CLASSES_ROOT to be searched using the script file extension (e.g., .pl) as
a search key. The command defined by the default value of the registry subkey
Shell\ExecCGI\Command or, if it does not exist, by the default value of the
subkey Shell\Open\Command is used to open the script file. If the registry keys
cannot be found, Apache falls back to the behavior of the Script option.
For example, the registry setting to have a script with the .pl extension
processed via perl would be:
HKEY_CLASSES_ROOT\.pl\Shell\ExecCGI\Command\(Default) => C:\Perl\bin\perl.exe -
wT
Security
Be careful when using ScriptInterpreterSource Registry with ScriptAlias'ed
directories, because Apache will try to execute every file within this
directory. The Registry setting may cause undesired program calls on files
which are typically not executed. For example, the default open command on .htm
files on most Windows systems will execute Microsoft Internet Explorer, so any
HTTP request for an .htm file existing within the script directory would start
the browser in the background on the server. This is a good way to crash your
system within a minute or so.
The option Registry-Strict which is new in Apache 2.0 does the same thing as
Registry but uses only the default value of the subkey Shell\ExecCGI\Command.
The ExecCGI key is not a common one. It must be configured manually in the
windows registry and hence prevents accidental program calls on your system.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39306] - Documentation for ScriptInterpreterSource is not specific enough
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39306>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39306
tony@pc-tony.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From tony@pc-tony.com 2007-07-26 14:53 -------
Patch added: http://svn.apache.org/viewvc?view=rev&rev=560011
Should be visible within a few hours or so. Sorry for the delay.
Cheers,
Tony
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org