You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by wr...@apache.org on 2008/09/06 22:26:15 UTC

svn commit: r692727 - in /httpd/httpd/trunk/docs/cgi-examples: printenv test-cgi

Author: wrowe
Date: Sat Sep  6 13:26:15 2008
New Revision: 692727

URL: http://svn.apache.org/viewvc?rev=692727&view=rev
Log:
Ensure it's abundently clear that these scripts may be bad news
with stupid-assed clients which contravine their prime directives,
such as content-type, or do not harm humans.

Flaws such as utf-7 decoding ensure that even txt->html transforms
are insufficient.

Modified:
    httpd/httpd/trunk/docs/cgi-examples/printenv
    httpd/httpd/trunk/docs/cgi-examples/test-cgi

Modified: httpd/httpd/trunk/docs/cgi-examples/printenv
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/cgi-examples/printenv?rev=692727&r1=692726&r2=692727&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/cgi-examples/printenv (original)
+++ httpd/httpd/trunk/docs/cgi-examples/printenv Sat Sep  6 13:26:15 2008
@@ -1,4 +1,13 @@
-#!/usr/local/bin/perl
+#
+
+# To permit this cgi, replace # on the first line above with the
+# appropriate #!/path/to/perl shebang, and set this script executable
+# with chmod 755.
+#
+# Note that it is subject to cross site scripting attacks on MS IE
+# and any other browser which fails to honor RFC2616, so never use
+# it in a live server environment, it is provided only for testing.
+
 ##
 ##  printenv -- demo CGI program which just prints its environment
 ##

Modified: httpd/httpd/trunk/docs/cgi-examples/test-cgi
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/cgi-examples/test-cgi?rev=692727&r1=692726&r2=692727&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/cgi-examples/test-cgi (original)
+++ httpd/httpd/trunk/docs/cgi-examples/test-cgi Sat Sep  6 13:26:15 2008
@@ -1,4 +1,12 @@
-#!/bin/sh
+#
+
+# To permit this cgi, replace # on the first line above with the
+# appropriate #!/path/to/sh shebang, and set this script executable
+# with chmod 755.
+#
+# Note that it is subject to cross site scripting attacks on MS IE
+# and any other browser which fails to honor RFC2616, so never use
+# it in a live server environment, it is provided only for testing.
 
 # disable filename globbing
 set -f