httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David Robinson)
Subject Re: includes security hole
Date Tue, 11 Apr 1995 18:58:00 GMT
>I had this working last night. I'll upload a patch sometime
The other change I wanted to make to #include (and #exec cgi, I suppose) was
to allow relative virtual paths to the included document, i.e.
<--#include virtual="../inc.html" -->
Unfortuantely, this requires the URL of the current document to be known,
whereas httpd seems to have forgotten... Also, it would require parsing the
document for a <base> tag. Not difficult.


View raw message