httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jake buchholz <>
Subject 1.3.12 -> 1.3.14 & POSTing thru .shtml's
Date Wed, 22 Nov 2000 23:59:09 GMT
Recently, I upgraded apache on our servers from 1.3.12 to 1.3.14, and as
a result, one of our customers has been complaining that he's no longer
able to POST to his .shtml files.  These .shtml's are only comprised of...

<!--#include virtual="/cgi/script"-->

>From what I can tell, they're just doing this to mask the real URL of
the CGI.  The CGI's output contains a form which POSTs back to itself
(well, back to the .shtml version of itself).

So, was there a change between 1.3.12 and 1.3.14 that would have caused
this to cease working?  Was there a concern with the security of having
it work that way?  If not, is there a way to get it to work that way

I whipped up some quick PHP that took the POST information it was
expecting and fopen()'d the CGI (plus the info in GET format) and 
fpassthru()'d the output, which met with some success -- apparently
there was cookie information that the CGI picks up on, but the PHP
would have to pick that up and pass that along via GET as well...

Jake Buchholz, Senior Systems Administrator     :           /~\
Hosting Solutions Lead R&D Engineer             :    ASCII  \ /  Against
CoreComm, formerly, formerly ExecPC :   Ribbon   X   HTML
GnuPG (PGP5/6) and PGP 2.6.2 pub keys available : Campaign  / \  Mail

View raw message