You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2008/09/06 22:26:15 UTC
svn commit: r692727 - in /httpd/httpd/trunk/docs/cgi-examples: printenv
test-cgi
Author: wrowe
Date: Sat Sep 6 13:26:15 2008
New Revision: 692727
URL: http://svn.apache.org/viewvc?rev=692727&view=rev
Log:
Ensure it's abundently clear that these scripts may be bad news
with stupid-assed clients which contravine their prime directives,
such as content-type, or do not harm humans.
Flaws such as utf-7 decoding ensure that even txt->html transforms
are insufficient.
Modified:
httpd/httpd/trunk/docs/cgi-examples/printenv
httpd/httpd/trunk/docs/cgi-examples/test-cgi
Modified: httpd/httpd/trunk/docs/cgi-examples/printenv
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/cgi-examples/printenv?rev=692727&r1=692726&r2=692727&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/cgi-examples/printenv (original)
+++ httpd/httpd/trunk/docs/cgi-examples/printenv Sat Sep 6 13:26:15 2008
@@ -1,4 +1,13 @@
-#!/usr/local/bin/perl
+#
+
+# To permit this cgi, replace # on the first line above with the
+# appropriate #!/path/to/perl shebang, and set this script executable
+# with chmod 755.
+#
+# Note that it is subject to cross site scripting attacks on MS IE
+# and any other browser which fails to honor RFC2616, so never use
+# it in a live server environment, it is provided only for testing.
+
##
## printenv -- demo CGI program which just prints its environment
##
Modified: httpd/httpd/trunk/docs/cgi-examples/test-cgi
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/cgi-examples/test-cgi?rev=692727&r1=692726&r2=692727&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/cgi-examples/test-cgi (original)
+++ httpd/httpd/trunk/docs/cgi-examples/test-cgi Sat Sep 6 13:26:15 2008
@@ -1,4 +1,12 @@
-#!/bin/sh
+#
+
+# To permit this cgi, replace # on the first line above with the
+# appropriate #!/path/to/sh shebang, and set this script executable
+# with chmod 755.
+#
+# Note that it is subject to cross site scripting attacks on MS IE
+# and any other browser which fails to honor RFC2616, so never use
+# it in a live server environment, it is provided only for testing.
# disable filename globbing
set -f