Posted to cvs@httpd.apache.org by sl...@apache.org on 2003/06/28 20:16:18 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/mod core.html.en
slive 2003/06/28 11:16:18
Modified: htdocs/manual/mod core.html.en
Log:
Document CGICommandArgs (only 15 months after the directive was added!).
By the way, this directive does not appear to exist in 2.x.
Submitted by: Glenn <gs...@gluelogic.com>, Joshua Slive
Revision Changes Path
1.250 +35 -0 httpd-docs-1.3/htdocs/manual/mod/core.html.en
Index: core.html.en
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/core.html.en,v
retrieving revision 1.249
retrieving revision 1.250
diff -u -d -b -u -r1.249 -r1.250
--- core.html.en 6 Apr 2003 17:54:09 -0000 1.249
+++ core.html.en 28 Jun 2003 18:16:18 -0000 1.250
@@ -43,6 +43,8 @@
<li><a href="#bs2000account">BS2000Account</a></li>
+ <li><a href="#cgicommandargs">CGICommandArgs</a></li>
+
<li><a href="#clearmodulelist">ClearModuleList</a></li>
<li><a href="#contentdigest">ContentDigest</a></li>
@@ -696,6 +698,39 @@
<p><strong>See Also:</strong> <a href="../ebcdic.html">Apache
EBCDIC port</a></p>
+ <hr />
+
+ <h2><a id="cgicommandargs" name="cgicommandargs">CGICommandArgs
+ directive</a></h2>
+
+ <a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> CGICommandArgs On|Off<br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> CGICommandArgs On<br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> directory, .htaccess<br />
+ <a href="directive-dict.html#Override"
+ rel="Help"><strong>Override:</strong></a> Options<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> core<br />
+ <a href="directive-dict.html#Compatibility"
+ rel="Help"><strong>Compatibility:</strong></a> Available in Apache
+ 1.3.24 and later.
+
+ <p>Way back when the internet was a safer, more naive place, it
+ was convenient for the server to take a query string that did not
+ contain an '=' sign and to parse and pass it to a CGI program as
+ command line args. For example, <code><IsIndex></code>
+ generated searches often work in this way. The default behavior
+ in Apache is to maintain this behavior for backwards
+ compatibility, although it is generally regarded as unsafe
+ practice today. Most CGI programs do not take command line
+ parameters, but among those that do, many are unaware of this
+ method of passing arguments and are therefore vulnerable to
+ malicious clients passing unsafe material in this way. Setting
+ <code>CGICommandArgs Off</code> is recommended to protect such
+ scripts with little loss in functionality.</p>
+
<hr />
<h2><a id="clearmodulelist"
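Review bot: The new CGICommandArgs paragraph recommends `CGICommandArgs Off` "with little loss in functionality" but never says what the server does with an '='-less query string once the directive is off, so an administrator cannot judge what a script relying on `<IsIndex>` searches would lose. Suggest adding one sentence stating the behavior with Off. Since the default stays On while the text calls that behavior "generally regarded as unsafe practice", the recommendation also deserves more prominence than the paragraph's last sentence. The Context line lists only "directory, .htaccess"; if the directive can be set server-wide, say so, otherwise note that it must be repeated for each CGI directory. Separately, as the line appears here, `<code><IsIndex></code>` places a raw tag inside the code element; in the HTML source it needs to be written with `&lt;` and `&gt;` so that it renders as text.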