Posted to dev@httpd.apache.org by David Robinson <dr...@ast.cam.ac.uk> on 1995/10/19 17:00:00 UTC

PATH_INFO is bad for SSI

This might amuse the group; an example of why allowing PATH_INFO is
bad for server-side includes:

The file /webroot/test.shtml contains

Hello <p>
<!--#include virtual="msg.txt" -->

What happens when I access http://server/test.shtml/wibble ?

I get
Hello <p>
then it tries to include msg.txt, relative to /test.shtml/wibble ; this
is of course /test.shtml/msg.txt, so it includes itself! The output is
a long list like
Hello <p>
Hello <p>
Hello <p>

fortunately, it gives up after a while.

Ho hum.

 David.
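
The behaviour described in the message above, as an added simulation that is not part of the original post and is not Apache's code: a relative `include virtual` is resolved against the request URI, so trailing PATH_INFO makes the document resolve back to itself until a depth limit stops it. The in-memory `DOCROOT`, the helpers `map_uri` and `render`, the `MAX_DEPTH` value and the marker strings are all assumptions made for the illustration.

```python
import re
from urllib.parse import urljoin

# Constructed docroot mirroring the post: test.shtml includes msg.txt.
DOCROOT = {
    "/test.shtml": 'Hello <p>\n<!--#include virtual="msg.txt" -->\n',
    "/msg.txt": "a message\n",
}
INCLUDE = re.compile(r'<!--#include virtual="([^"]+)" -->')
MAX_DEPTH = 5  # assumed cut-off; the post only says it "gives up after a while"


def map_uri(uri):
    """Return (file, path_info): the longest leading part of uri naming a file."""
    parts = uri.strip("/").split("/")
    for i in range(len(parts), 0, -1):
        candidate = "/" + "/".join(parts[:i])
        if candidate in DOCROOT:
            return candidate, uri[len(candidate):]
    return None, ""


def render(uri, allow_path_info, depth=0):
    """Expand includes for uri, resolving each virtual path relative to uri."""
    if depth >= MAX_DEPTH:
        return "[include depth limit reached]\n"
    path, path_info = map_uri(uri)
    if path is None or (path_info and not allow_path_info):
        return "[an error occurred while processing this directive]\n"
    body = DOCROOT[path]
    if not path.endswith(".shtml"):
        return body  # plain file: no directives to expand
    # urljoin("/test.shtml/wibble", "msg.txt") gives "/test.shtml/msg.txt",
    # which map_uri() maps back to /test.shtml with PATH_INFO "/msg.txt".
    return INCLUDE.sub(
        lambda m: render(urljoin(uri, m.group(1)), allow_path_info, depth + 1),
        body,
    )


if __name__ == "__main__":
    print(render("/test.shtml/wibble", allow_path_info=True))   # self-inclusion
    print(render("/test.shtml", allow_path_info=True))          # normal include
    print(render("/test.shtml/wibble", allow_path_info=False))  # rejected
```

Refusing PATH_INFO on parsed documents removes the loop at its source; the depth limit only bounds the damage once the loop has started.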