httpd-cvs mailing list archives

From fua...@apache.org
Subject svn commit: r1423169 - in /httpd/httpd/branches/2.4.x/docs/cgi-examples: printenv printenv.vbs printenv.wsf test-cgi
Date Mon, 17 Dec 2012 21:47:49 GMT
Author: fuankg
Date: Mon Dec 17 21:47:48 2012
New Revision: 1423169

URL: http://svn.apache.org/viewvc?rev=1423169&view=rev
Log:
Added a warning that these scripts leak information.
(Backport r1423166)

Modified:
    httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv
    httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs
    httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf
    httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi

Modified: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv?rev=1423169&r1=1423168&r2=1423169&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv (original)
+++ httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv Mon Dec 17 21:47:48 2012
@@ -4,9 +4,12 @@
 # appropriate #!/path/to/perl shebang, and on Unix / Linux also
 # set this script executable with chmod 755.
 #
-# Note that it is subject to cross site scripting attacks on MS IE
-# and any other browser which fails to honor RFC2616, so never use
-# it in a live server environment, it is provided only for testing.
+# ***** !!! WARNING !!! *****
+# This script echoes the server environment variables and therefore
+# leaks information - so NEVER use it in a live server environment!
+# It is provided only for testing purpose.
+# Also note that it is subject to cross site scripting attacks on
+# MS IE and any other browser which fails to honor RFC2616. 
 
 ##
 ##  printenv -- demo CGI program which just prints its environment
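
Review bot: Two style nits in the added comment block: "It is provided only for testing purpose." should read "for testing purposes", and the last added line ends with a trailing space after "RFC2616." that should be stripped before commit. The same text is pasted into the other three files in this revision, so the fix needs to be applied to each copy.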

Modified: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs?rev=1423169&r1=1423168&r2=1423169&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs (original)
+++ httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs Mon Dec 17 21:47:48 2012
@@ -3,9 +3,12 @@
 ' To permit this cgi, replace ' on the first line above with the
 ' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
 '
-' Note that it is subject to cross site scripting attacks on MS IE
-' and any other browser which fails to honor RFC2616, so never use
-' it in a live server environment, it is provided only for testing.
+' ***** !!! WARNING !!! *****
+' This script echoes the server environment variables and therefore
+' leaks information - so NEVER use it in a live server environment!
+' It is provided only for testing purpose.
+' Also note that it is subject to cross site scripting attacks on
+' MS IE and any other browser which fails to honor RFC2616. 
 
 ''
 ''  printenv -- demo CGI program which just prints its environment
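
Review bot: The retained sentence "any other browser which fails to honor RFC2616" still does not say which requirement of RFC2616 is meant, so a reader cannot tell whether their browser is affected. Since the block is being rewritten anyway, consider naming the specific behaviour that makes the script's output exploitable, or pointing to the relevant section of the RFC.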

Modified: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf?rev=1423169&r1=1423168&r2=1423169&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf (original)
+++ httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf Mon Dec 17 21:47:48 2012
@@ -3,9 +3,12 @@
 ' To permit this cgi, replace ' on the first line above with the
 ' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
 '
-' Note that it is subject to cross site scripting attacks on MS IE
-' and any other browser which fails to honor RFC2616, so never use
-' it in a live server environment, it is provided only for testing.
+' ***** !!! WARNING !!! *****
+' This script echoes the server environment variables and therefore
+' leaks information - so NEVER use it in a live server environment!
+' It is provided only for testing purpose.
+' Also note that it is subject to cross site scripting attacks on
+' MS IE and any other browser which fails to honor RFC2616. 
 
 ''
 ''  printenv -- demo CGI program which just prints its environment
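
Review bot: In the new ordering, the "NEVER use it in a live server environment" conclusion is attached only to the information leak, and cross-site scripting is demoted to a trailing "Also note that". The removed text gave XSS as the reason for the same prohibition, so consider listing both reasons first and closing with the prohibition, so that neither risk reads as optional.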

Modified: httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi?rev=1423169&r1=1423168&r2=1423169&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi (original)
+++ httpd/httpd/branches/2.4.x/docs/cgi-examples/test-cgi Mon Dec 17 21:47:48 2012
@@ -4,9 +4,12 @@
 # appropriate #!/path/to/sh shebang, and set this script executable
 # with chmod 755.
 #
-# Note that it is subject to cross site scripting attacks on MS IE
-# and any other browser which fails to honor RFC2616, so never use
-# it in a live server environment, it is provided only for testing.
+# ***** !!! WARNING !!! *****
+# This script echoes the server environment variables and therefore
+# leaks information - so NEVER use it in a live server environment!
+# It is provided only for testing purpose.
+# Also note that it is subject to cross site scripting attacks on
+# MS IE and any other browser which fails to honor RFC2616. 
 
 # disable filename globbing
 set -f
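
Review bot: The warning is placed after the enabling instructions in the context lines ("appropriate #!/path/to/sh shebang, and set this script executable with chmod 755"), so someone following the header top to bottom has already been told how to turn the script on before reaching "NEVER use it in a live server environment". Moving the warning block above the enabling instructions would put it where it is read first. It is also a comment-only change, so nothing in the script's output tells a visitor or an auditor that the page is a test artifact.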


