httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: cvs commit: httpd-2.0/modules/arch/win32 mod_win32.c
Date Sun, 23 Mar 2003 23:36:23 GMT
At 09:11 AM 3/22/2003, Jeff White wrote:

>>> wrowe       2003/02/23 14:37:35
>>>
>>>   Modified:    modules/arch/win32 mod_win32.c
>>>   Log:
>>>  utf-8 win32 prefix when testing for shebang lines.
>
>Doesn't the Apache on Windows web server have
>available a built-in Windows Scripting Engine and two
>built-in scripting languages, that do not use the # as
>a scripting comment marker?

No; Windows has a command-line Windows Scripting Host
(cscript, as opposed to the window-based wscript).  

As André indicated, this is most trivially enabled using the
Registry-based ScriptInterpreterSource directives.  It is actually
recommended that you use ScriptInterpreterSource registry-strict
which will invoke the ExecCGI verb, instead of using the Open
verb.  And yes - enabling that will allow you to use cscript.exe
to invoke your .wsh scripts.

Others have suggested a FileAction directive (as opposed to the
Action directive) which would allow you to associate handlers
for specific extensions with specific interpreter file name.  If you 
are familiar with the Action directive, that option associates 
handlers for specific extensions with a URI.

Finally, you *CAN* create .csh files with #! Shebang lines; because
they are interpreted within the [section] blocks.  The #! line is ignored
as a 'sectionless' line.  So the first line of myscript.wsh might look like;

#!c:/windows/system32/cscript.exe "%1" %*

However, it's sure easier to use the registry than fill up your server
with .wsh wrappers, or even modifying .js or .vbs files with shebang
lines.  In this case, the facilities we provide are already sufficient.

Again, you need to copy the command line from the Open2 verb to
the ExecCGI verb, because the default Open verb invokes wscript!

>> [...]  Now, perhaps some other compiled bytecode
>> uses the mark, but that should be irrelevant, because
>> we drop out of that logic if we don't encounter a !# after
>> the BOM.   No harm no foul.
>
>Has this been checked with the Apache on Windows
>access, to the built-in scripting engine, the Windows
>Scripting Engine (or WSH 5.6 usage, as some call it)
>and the scripting engine's default usage of the scripting
>languages of VBScript and JScript?

This patch is a no-op relative to VB/J Scripts.  It made no
impact, but would in fact be required to recognize any UTF-8
text saved from Notepad or other Win32-based text tools.

The patch simply skips the BOM, and that is harmless, no
matter if you are looking at Win32 executables, or any other
text files.

>[...] But isn't it
>possible to also check for // (two slashes for JScript
>usage) or for a ' (a single quote for VBScript usage)
>during the Apache on Windows script usage routine?
>Perhaps the Apache on Windows web server needs
>a config option to allow the server's scripting routine
>usage of the various scripting comment markers.

Again, why?  If the registry is the supported way for tracking
.js and .vbs script - we really don't profit from overloading.
Shebang lines (even your suggested '//' flavor) make sense
only when you have several interpreters for .js files, and you
need to mark which one.  Which bash, sh, zsh, or whichever
shell should be used to invoke somescript.sh?  The shebang
line tells you.

>Don't forget to check for security updates, for the built-in
>Windows Scripting Engine, and the scripting engine's
>languages. Both the built-in ones and the ones added later
>for usage with the built-in scripting engine in the Apache
>on Windows web server. Check even if you think no one
>uses the built-in Windows Scripting Engine (or WSH 5.6)
>on the Apache on Windows web server.

Good point and thanks for the suggestion! 


Mime
View raw message