Posted to cvs@httpd.apache.org by fu...@apache.org on 2012/12/17 22:47:49 UTC
svn commit: r1423169 - in /httpd/httpd/branches/2.4.x/docs/cgi-examples:
printenv printenv.vbs printenv.wsf test-cgi
Author: fuankg
Date: Mon Dec 17 21:47:48 2012
New Revision: 1423169
URL: http://svn.apache.org/viewvc?rev=1423169&view=rev
Log:
Added a warning that these scripts leak information.
(Backport r1423166)
Modified:
httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv
httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs
httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf
httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi
Modified: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv?rev=1423169&r1=1423168&r2=1423169&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv (original)
+++ httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv Mon Dec 17 21:47:48 2012
@@ -4,9 +4,12 @@
# appropriate #!/path/to/perl shebang, and on Unix / Linux also
# set this script executable with chmod 755.
#
-# Note that it is subject to cross site scripting attacks on MS IE
-# and any other browser which fails to honor RFC2616, so never use
-# it in a live server environment, it is provided only for testing.
+# ***** !!! WARNING !!! *****
+# This script echoes the server environment variables and therefore
+# leaks information - so NEVER use it in a live server environment!
+# It is provided only for testing purpose.
+# Also note that it is subject to cross site scripting attacks on
+# MS IE and any other browser which fails to honor RFC2616.
##
## printenv -- demo CGI program which just prints its environment
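Review bot: the new WARNING block sits below the context lines that explain how to enable the script (the shebang and chmod 755 instructions), so a reader working through the header top to bottom has been told how to turn it on before reaching "NEVER use it in a live server environment". Consider moving the warning above the enabling instructions, or making it the first comment in the file.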
Modified: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs?rev=1423169&r1=1423168&r2=1423169&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs (original)
+++ httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs Mon Dec 17 21:47:48 2012
@@ -3,9 +3,12 @@
' To permit this cgi, replace ' on the first line above with the
' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
'
-' Note that it is subject to cross site scripting attacks on MS IE
-' and any other browser which fails to honor RFC2616, so never use
-' it in a live server environment, it is provided only for testing.
+' ***** !!! WARNING !!! *****
+' This script echoes the server environment variables and therefore
+' leaks information - so NEVER use it in a live server environment!
+' It is provided only for testing purpose.
+' Also note that it is subject to cross site scripting attacks on
+' MS IE and any other browser which fails to honor RFC2616.
''
'' printenv -- demo CGI program which just prints its environment
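Review bot: "leaks information" in the third added line does not say what is exposed or to whom. Suggest spelling it out, for example "discloses the server's environment variables to any client that can request it", so an administrator can judge the exposure without reading the script body.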
Modified: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf?rev=1423169&r1=1423168&r2=1423169&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf (original)
+++ httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf Mon Dec 17 21:47:48 2012
@@ -3,9 +3,12 @@
' To permit this cgi, replace ' on the first line above with the
' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
'
-' Note that it is subject to cross site scripting attacks on MS IE
-' and any other browser which fails to honor RFC2616, so never use
-' it in a live server environment, it is provided only for testing.
+' ***** !!! WARNING !!! *****
+' This script echoes the server environment variables and therefore
+' leaks information - so NEVER use it in a live server environment!
+' It is provided only for testing purpose.
+' Also note that it is subject to cross site scripting attacks on
+' MS IE and any other browser which fails to honor RFC2616.
''
'' printenv -- demo CGI program which just prints its environment
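Review bot: the last two added lines cite RFC2616 without naming which requirement the browser fails to honor, and after the rewording "NEVER use it" is attached only to the information leak while the cross site scripting risk is reduced to "Also note". Suggest naming the RFC section or behaviour meant, and wording the sentence so the prohibition clearly covers both problems.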
Modified: httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi?rev=1423169&r1=1423168&r2=1423169&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi (original)
+++ httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi Mon Dec 17 21:47:48 2012
@@ -4,9 +4,12 @@
# appropriate #!/path/to/sh shebang, and set this script executable
# with chmod 755.
#
-# Note that it is subject to cross site scripting attacks on MS IE
-# and any other browser which fails to honor RFC2616, so never use
-# it in a live server environment, it is provided only for testing.
+# ***** !!! WARNING !!! *****
+# This script echoes the server environment variables and therefore
+# leaks information - so NEVER use it in a live server environment!
+# It is provided only for testing purpose.
+# Also note that it is subject to cross site scripting attacks on
+# MS IE and any other browser which fails to honor RFC2616.
# disable filename globbing
set -f
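Review bot: "It is provided only for testing purpose." in the added block should read "for testing purposes" (or simply "only for testing", as the removed text had it). The identical sentence is added to printenv, printenv.vbs and printenv.wsf in this commit, so the correction applies to all four files.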