You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sl...@apache.org on 2003/06/28 20:16:18 UTC

cvs commit: httpd-docs-1.3/htdocs/manual/mod core.html.en

slive       2003/06/28 11:16:18

  Modified:    htdocs/manual/mod core.html.en
  Log:
  Document CGICommandArgs (only 15 months after the directive was added!).
  
  By the way, this directive does not appear to exist in 2.x.
  
  Submitted by: Glenn <gs...@gluelogic.com>, Joshua Slive
  
  Revision  Changes    Path
  1.250     +35 -0     httpd-docs-1.3/htdocs/manual/mod/core.html.en
  
  Index: core.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/core.html.en,v
  retrieving revision 1.249
  retrieving revision 1.250
  diff -u -d -b -u -r1.249 -r1.250
  --- core.html.en	6 Apr 2003 17:54:09 -0000	1.249
  +++ core.html.en	28 Jun 2003 18:16:18 -0000	1.250
  @@ -43,6 +43,8 @@
   
         <li><a href="#bs2000account">BS2000Account</a></li>
   
  +      <li><a href="#cgicommandargs">CGICommandArgs</a></li>
  +
         <li><a href="#clearmodulelist">ClearModuleList</a></li>
   
         <li><a href="#contentdigest">ContentDigest</a></li>
  @@ -696,6 +698,39 @@
   
       <p><strong>See Also:</strong> <a href="../ebcdic.html">Apache
       EBCDIC port</a></p>
  +    <hr />
  +
  +    <h2><a id="cgicommandargs" name="cgicommandargs">CGICommandArgs
  +    directive</a></h2>
  +
  +    <a href="directive-dict.html#Syntax"
  +    rel="Help"><strong>Syntax:</strong></a> CGICommandArgs On|Off<br />
  +     <a href="directive-dict.html#Default"
  +    rel="Help"><strong>Default:</strong></a> CGICommandArgs On<br />
  +     <a href="directive-dict.html#Context"
  +    rel="Help"><strong>Context:</strong></a> directory, .htaccess<br />
  +     <a href="directive-dict.html#Override"
  +    rel="Help"><strong>Override:</strong></a> Options<br />
  +     <a href="directive-dict.html#Status"
  +    rel="Help"><strong>Status:</strong></a> core<br />
  +     <a href="directive-dict.html#Compatibility"
  +    rel="Help"><strong>Compatibility:</strong></a> Available in Apache
  +       1.3.24 and later.
  +
  +    <p>Way back when the internet was a safer, more naive place, it
  +    was convenient for the server to take a query string that did not
  +    contain an '=' sign and to parse and pass it to a CGI program as
  +    command line args.  For example, <code>&lt;IsIndex&gt;</code>
  +    generated searches often work in this way.  The default behavior
  +    in Apache is to maintain this behavior for backwards
  +    compatibility, although it is generally regarded as unsafe
  +    practice today.  Most CGI programs do not take command line
  +    parameters, but among those that do, many are unaware of this
  +    method of passing arguments and are therefore vulnerable to
  +    malicious clients passing unsafe material in this way. Setting
  +    <code>CGICommandArgs Off</code> is recommended to protect such
  +    scripts with little loss in functionality.</p>
  +
       <hr />
   
       <h2><a id="clearmodulelist"