httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David Robinson)
Subject PATH_INFO is bad for SSI
Date Thu, 19 Oct 1995 16:00:00 GMT
This might amuse the group; an example of why allowing allowing PATH_INFO is
bad for server-side includes:

The file /webroot/test.shtml contains

Hello <p>
<!-- #include virtual="msg.txt" -->

What happens when I access http://server/test.shtml/wibble ?

I get
Hello <p>
then it tries to include msg.txt, relative to /test.shtml/wibble ; this
is of course /test.shtml/msg.txt, so it includes itself! The output is
a long list like
Hello <p>
Hello <p>
Hello <p>

fortunately, it gives up after a while.

Ho hum.


View raw message