You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2002/02/13 18:17:50 UTC
cvs commit: httpd-2.0/docs/cgi-examples test-cgi.bat
wrowe 02/02/13 09:17:50
Modified: . Makefile.win
Removed: docs/cgi-examples test-cgi.bat
Log:
These files cannot be distributed at present - Justin, update your RC.32
Win32 is not escaping or rejecting ANY hazerdous shell command strings
in Apache 2.0 at present. These would include the pipe character (|)
which allows the user to construct malicious request strings.
This needs consideration in code and configuration before we reintroduce
a batch-file based example.
Reported by: Ory Segal <OR...@SANCTUMINC.COM> 13 Feb 2002
Revision Changes Path
1.95 +0 -1 httpd-2.0/Makefile.win
Index: Makefile.win
===================================================================
RCS file: /home/cvs/httpd-2.0/Makefile.win,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- Makefile.win 31 Jan 2002 01:25:49 -0000 1.94
+++ Makefile.win 13 Feb 2002 17:17:50 -0000 1.95
@@ -413,7 +413,6 @@
}
}
<<
- copy docs\cgi-examples\test-cgi.bat "$(INSTDIR)\cgi-bin" <.y
xcopy docs\error "$(INSTDIR)\error" /s /d < .a
xcopy docs\docroot "$(INSTDIR)\htdocs" /d < .a
xcopy docs\manual "$(INSTDIR)\manual" /s /d < .a