httpd-cvs mailing list archives

From k...@apache.org
Subject cvs commit: httpd-2.0/docs/manual/mod core.xml core.html.en
Date Sat, 28 Jun 2003 22:38:16 GMT
kess        2003/06/28 15:38:16

  Modified:    docs/manual/mod core.xml core.html.en
  Log:
  explain ScriptInterpreterSource a little bit more
  
  Revision  Changes    Path
  1.70      +37 -7     httpd-2.0/docs/manual/mod/core.xml
  
  Index: core.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/core.xml,v
  retrieving revision 1.69
  retrieving revision 1.70
  diff -u -r1.69 -r1.70
  --- core.xml	27 Jun 2003 18:53:03 -0000	1.69
  +++ core.xml	28 Jun 2003 22:38:13 -0000	1.70
  @@ -2437,17 +2437,47 @@
   
   <usage>
       <p>This directive is used to control how Apache finds the
  -    interpreter used to run CGI scripts. The default technique is to
  -    use the interpreter pointed to by the <code>#!</code> line in the
  -    script.</p>
  +    interpreter used to run CGI scripts. The default setting is
  +    <code>Script</code>. This causes Apache to use the interpreter pointed
to
  +    by the shebang line (first line, starting with <code>#!</code>) in the
  +    script. On Win32 systems this line usually looks like:</p>
  +
  +    <example>
  +      #!C:/Perl/bin/perl.exe
  +    </example>
  +
  +    <p>or, if perl is in <code>PATH</code>, simply:</p>
  +
  +    <example>
  +      #!perl
  +    </example>
   
       <p>Setting <code>ScriptInterpreterSource Registry</code> will
  -    cause the Windows Registry to be searched using the script file
  -    extension (e.g., <code>.pl</code>) as a search key.</p>
  +    cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
  +    searched using the script file extension (e.g., <code>.pl</code>) as a
  +    search key. The command defined by the registry subkey
  +    <code>Shell\Open\Command</code> is used to open the script file. In absence
  +    of the file extension key or the <code>Shell\Open\Command</code> subkey
  +    Apache uses the <code>Script</code> option.</p>
  +
  +    <note type="warning"><title>Security</title>
  +      <p>Be careful to use <code>ScriptInterpreterSource Registry</code>
with 
  +      <directive module="mod_alias">ScriptAlias</directive>'ed directories,
  +      because Apache is trying to execute <strong>every</strong> file within
  +      this directory. The <code>Registry</code> setting may cause undesired
  +      program calls on files, which are usually not executed. For example, the
  +      default open command on <code>.htm</code> files on most Windows systems
is
  +      executing the Microsoft Internet Explorer, so any HTTP request for an
  +      <code>.htm</code> file existing within the script directory would start
  +      the browser in background. This is an effective method to crash your
  +      system within a minute or so.</p>
  +    </note>
   
       <p>The option <code>Registry-Strict</code> which is new in Apache
2.0
  -    does the same as <code>Registry</code> but uses a more strict registry
  -    search.</p>
  +      does the same as <code>Registry</code> but uses the subkey
  +      <code>Shell\ExecCGI\Command</code> instead. The <code>ExecCGI</code>
key
  +      is not a common one. It has to be configured manually and prevents your
  +      system from accidental program calls.</p>
   </usage>
   </directivesynopsis>
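Review bot: The Security note's opening, "Be careful to use <code>ScriptInterpreterSource Registry</code> with ScriptAlias'ed directories", reads as an instruction to use that combination; "Be careful when using ..." says what is meant. The closing sentence, "This is an effective method to crash your system within a minute or so", would serve the reader better if it stated the mechanism the note has just described (each request for such a file starts another program through its <code>Shell\Open\Command</code> entry) and pointed to <code>Registry-Strict</code>, which the following paragraph introduces as the setting that avoids accidental program calls. Minor: the added lines of the <code>Registry-Strict</code> paragraph are indented two spaces deeper than its opening <code>&lt;p&gt;</code> line, unlike the other paragraphs in this block.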
   
  
  
  
  1.77      +38 -8     httpd-2.0/docs/manual/mod/core.html.en
  
  Index: core.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/core.html.en,v
  retrieving revision 1.76
  retrieving revision 1.77
  diff -u -r1.76 -r1.77
  --- core.html.en	21 Jun 2003 23:33:59 -0000	1.76
  +++ core.html.en	28 Jun 2003 22:38:13 -0000	1.77
  @@ -2480,22 +2480,52 @@
   <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
   <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
   <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
  -<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Win32
only<br />
  +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Win32
only;
   option <code>Registry-Strict</code> is available in Apache 2.0 and
   later</td></tr>
   </table>
       <p>This directive is used to control how Apache finds the
  -    interpreter used to run CGI scripts. The default technique is to
  -    use the interpreter pointed to by the <code>#!</code> line in the
  -    script.</p>
  +    interpreter used to run CGI scripts. The default setting is
  +    <code>Script</code>. This causes Apache to use the interpreter pointed
to
  +    by the shebang line (first line, starting with <code>#!</code>) in the
  +    script. On Win32 systems this line usually looks like:</p>
  +
  +    <div class="example"><p><code>
  +      #!C:/Perl/bin/perl.exe
  +    </code></p></div>
  +
  +    <p>or, if perl is in <code>PATH</code>, simply:</p>
  +
  +    <div class="example"><p><code>
  +      #!perl
  +    </code></p></div>
   
       <p>Setting <code>ScriptInterpreterSource Registry</code> will
  -    cause the Windows Registry to be searched using the script file
  -    extension (e.g., <code>.pl</code>) as a search key.</p>
  +    cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
  +    searched using the script file extension (e.g., <code>.pl</code>) as a
  +    search key. The command defined by the registry subkey
  +    <code>Shell\Open\Command</code> is used to open the script file. In absence
  +    of the file extension key or the <code>Shell\Open\Command</code> subkey
  +    Apache uses the <code>Script</code> option.</p>
  +
  +    <div class="warning"><h3>Security</h3>
  +      <p>Be careful to use <code>ScriptInterpreterSource Registry</code>
with 
  +      <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>'ed
directories,
  +      because Apache is trying to execute <strong>every</strong> file within
  +      this directory. The <code>Registry</code> setting may cause undesired
  +      program calls on files, which are usually not executed. For example, the
  +      default open command on <code>.htm</code> files on most Windows systems
is
  +      executing the Microsoft Internet Explorer, so any HTTP request for an
  +      <code>.htm</code> file existing within the script directory would start
  +      the browser in background. This is an effective method to crash your
  +      system within a minute or so.</p>
  +    </div>
   
       <p>The option <code>Registry-Strict</code> which is new in Apache
2.0
  -    does the same as <code>Registry</code> but uses a more strict registry
  -    search.</p>
  +      does the same as <code>Registry</code> but uses the subkey
  +      <code>Shell\ExecCGI\Command</code> instead. The <code>ExecCGI</code>
key
  +      is not a common one. It has to be configured manually and prevents your
  +      system from accidental program calls.</p>
   
   </div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
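Review bot: The Registry-Strict paragraph at the end of this hunk says the <code>ExecCGI</code> key "has to be configured manually" but does not show what has to be created, nor whether the fallback to <code>Script</code> described for <code>Registry</code> also applies when <code>Shell\ExecCGI\Command</code> is absent. A short example of the expected entry for one extension (such as the <code>.pl</code> used earlier in the text) and one sentence on the missing-key behaviour would close that gap. "prevents your system from accidental program calls" would also read better as "protects your system from accidental program calls". The wording here repeats the core.xml hunk word for word, so any change needs to land in both files.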
  
  
  
