Posted to cvs@httpd.apache.org by fu...@apache.org on 2012/12/17 22:44:34 UTC

svn commit: r1423166 - in /httpd/httpd/trunk/docs/cgi-examples: printenv printenv.vbs printenv.wsf test-cgi

Author: fuankg
Date: Mon Dec 17 21:44:32 2012
New Revision: 1423166

URL: http://svn.apache.org/viewvc?rev=1423166&view=rev
Log:
Added a warning that these scripts leak information.

Modified:
    httpd/httpd/trunk/docs/cgi-examples/printenv
    httpd/httpd/trunk/docs/cgi-examples/printenv.vbs
    httpd/httpd/trunk/docs/cgi-examples/printenv.wsf
    httpd/httpd/trunk/docs/cgi-examples/test-cgi

Modified: httpd/httpd/trunk/docs/cgi-examples/printenv
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/cgi-examples/printenv?rev=1423166&r1=1423165&r2=1423166&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/cgi-examples/printenv (original)
+++ httpd/httpd/trunk/docs/cgi-examples/printenv Mon Dec 17 21:44:32 2012
@@ -4,9 +4,12 @@
 # appropriate #!/path/to/perl shebang, and on Unix / Linux also
 # set this script executable with chmod 755.
 #
-# Note that it is subject to cross site scripting attacks on MS IE
-# and any other browser which fails to honor RFC2616, so never use
-# it in a live server environment, it is provided only for testing.
+# ***** !!! WARNING !!! *****
+# This script echoes the server environment variables and therefore
+# leaks information - so NEVER use it in a live server environment!
+# It is provided only for testing purpose.
+# Also note that it is subject to cross site scripting attacks on
+# MS IE and any other browser which fails to honor RFC2616. 
 
 ##
 ##  printenv -- demo CGI program which just prints its environment
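
Review bot: two wording nits in the added block: "It is provided only for testing purpose." should read "testing purposes", and the last added line ("... fails to honor RFC2616. ") ends in a trailing space. Both apply equally to the identical text added to printenv.vbs, printenv.wsf and test-cgi.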

Modified: httpd/httpd/trunk/docs/cgi-examples/printenv.vbs
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/cgi-examples/printenv.vbs?rev=1423166&r1=1423165&r2=1423166&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/cgi-examples/printenv.vbs (original)
+++ httpd/httpd/trunk/docs/cgi-examples/printenv.vbs Mon Dec 17 21:44:32 2012
@@ -3,9 +3,12 @@
 ' To permit this cgi, replace ' on the first line above with the
 ' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
 '
-' Note that it is subject to cross site scripting attacks on MS IE
-' and any other browser which fails to honor RFC2616, so never use
-' it in a live server environment, it is provided only for testing.
+' ***** !!! WARNING !!! *****
+' This script echoes the server environment variables and therefore
+' leaks information - so NEVER use it in a live server environment!
+' It is provided only for testing purpose.
+' Also note that it is subject to cross site scripting attacks on
+' MS IE and any other browser which fails to honor RFC2616. 
 
 ''
 ''  printenv -- demo CGI program which just prints its environment
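
Review bot: "echoes the server environment variables" in the new warning understates what gets printed. Under CGI the environment also carries request-derived values (the HTTP_* header variables, QUERY_STRING, REMOTE_ADDR), which is also why the cross site scripting note on the following lines applies at all. Suggest wording such as "echoes the complete CGI environment, i.e. server configuration details and request headers", so the reader knows what kind of information is exposed.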

Modified: httpd/httpd/trunk/docs/cgi-examples/printenv.wsf
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/cgi-examples/printenv.wsf?rev=1423166&r1=1423165&r2=1423166&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/cgi-examples/printenv.wsf (original)
+++ httpd/httpd/trunk/docs/cgi-examples/printenv.wsf Mon Dec 17 21:44:32 2012
@@ -3,9 +3,12 @@
 ' To permit this cgi, replace ' on the first line above with the
 ' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
 '
-' Note that it is subject to cross site scripting attacks on MS IE
-' and any other browser which fails to honor RFC2616, so never use
-' it in a live server environment, it is provided only for testing.
+' ***** !!! WARNING !!! *****
+' This script echoes the server environment variables and therefore
+' leaks information - so NEVER use it in a live server environment!
+' It is provided only for testing purpose.
+' Also note that it is subject to cross site scripting attacks on
+' MS IE and any other browser which fails to honor RFC2616. 
 
 ''
 ''  printenv -- demo CGI program which just prints its environment
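
Review bot: the WARNING block is added below the "To permit this cgi, replace ' on the first line above with the appropriate shebang" instructions, so a reader reaches the enabling step before the reason not to deploy. Suggest moving the warning lines above the enabling instructions so they are the first thing read in the header.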

Modified: httpd/httpd/trunk/docs/cgi-examples/test-cgi
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/cgi-examples/test-cgi?rev=1423166&r1=1423165&r2=1423166&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/cgi-examples/test-cgi (original)
+++ httpd/httpd/trunk/docs/cgi-examples/test-cgi Mon Dec 17 21:44:32 2012
@@ -4,9 +4,12 @@
 # appropriate #!/path/to/sh shebang, and set this script executable
 # with chmod 755.
 #
-# Note that it is subject to cross site scripting attacks on MS IE
-# and any other browser which fails to honor RFC2616, so never use
-# it in a live server environment, it is provided only for testing.
+# ***** !!! WARNING !!! *****
+# This script echoes the server environment variables and therefore
+# leaks information - so NEVER use it in a live server environment!
+# It is provided only for testing purpose.
+# Also note that it is subject to cross site scripting attacks on
+# MS IE and any other browser which fails to honor RFC2616. 
 
 # disable filename globbing
 set -f
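
Review bot: in the last two added lines the cross site scripting note has lost its connection to "never use it in a live server environment". The removed text gave XSS as the reason for that rule; the new text attaches the rule only to the information leak and appends XSS as an "Also note" after the sentence about testing, where it reads as a side remark. Suggest naming both risks in the NEVER sentence. The note also cites RFC2616 without saying which requirement browsers fail to honor; naming it would tell the reader what behaviour to check for.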