From (Robert S. Thau)
Subject Re: includes security hole
Date Wed, 12 Apr 1995 07:34:34 GMT
   Date: Tue, 11 Apr 95 18:58 BST
   From: (David Robinson)

   >I had this working last night. I'll upload a patch sometime
   The other change I wanted to make to #include (and #exec cgi, I suppose) was
   to allow relative virtual paths to the included document, i.e.
   <!--#include virtual="../inc.html" -->
   Unfortunately, this requires the URL of the current document to be known,
   whereas httpd seems to have forgotten... Also, it would require parsing the
   document for a <base> tag. Not difficult.


The content negotiation code has a function which may be useful for
this, in part or in whole (substitute_mapped_name in http_mime_db.c,
which tries to interpret a URL relative to a given base; this is used
to resolve the URIs in map files).


