httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: svn commit: r1421184 - in /httpd/httpd/branches/2.4.x/docs/cgi-examples: printenv.vbs printenv.wsf
Date Sat, 15 Dec 2012 14:00:25 GMT
On Thu, Dec 13, 2012 at 5:04 AM, <fuankg@apache.org> wrote:

> Author: fuankg
> Date: Thu Dec 13 10:04:51 2012
> New Revision: 1421184
>
> URL: http://svn.apache.org/viewvc?rev=1421184&view=rev
> Log:
> Added Windows CGI samples.
>
> Added:
>     httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs   (with
> props)
>     httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf   (with
> props)
>

I don't understand why we ship this.

If some Windows user wants to find out how to write a CGI script in yet
another language they can bing it.

We have had a couple of very basic examples from the dark ages of the web,
and that is MUCH more than enough IMO, particularly since these particular
examples are information leaks as soon as somebody enables them.



>
> Added: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs?rev=1421184&view=auto
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs (added)
> +++ httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs Thu Dec 13
> 10:04:51 2012
> @@ -0,0 +1,29 @@
> +'
> +
> +' To permit this cgi, replace ' on the first line above with the
> +' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
> +'
> +' Note that it is subject to cross site scripting attacks on MS IE
> +' and any other browser which fails to honor RFC2616, so never use
> +' it in a live server environment, it is provided only for testing.
> +
> +''
> +''  printenv -- demo CGI program which just prints its environment
> +''
> +Option Explicit
> +
> +Dim objShell, objArray, str, envvar, envval
> +Set objShell = CreateObject("WScript.Shell")
> +Set objArray = CreateObject("System.Collections.ArrayList")
> +
> +WScript.StdOut.WriteLine "Content-type: text/plain; charset=iso-8859-1" &
> vbLF
> +For Each str In objShell.Environment("PROCESS")
> +  objArray.Add str
> +Next
> +objArray.Sort()
> +For Each str In objArray
> +  envvar = Left(str, InStr(str, "="))
> +  envval = Replace(Mid(str, InStr(str, "=") + 1), vbLF, "\n")
> +  WScript.StdOut.WriteLine envvar & Chr(34) & envval & Chr(34)
> +Next
> +
>
> Propchange: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.vbs
>
> ------------------------------------------------------------------------------
>     svn:eol-style = native
>
> Added: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf?rev=1421184&view=auto
>
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf (added)
> +++ httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf Thu Dec 13
> 10:04:51 2012
> @@ -0,0 +1,30 @@
> +'
> +
> +' To permit this cgi, replace ' on the first line above with the
> +' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
> +'
> +' Note that it is subject to cross site scripting attacks on MS IE
> +' and any other browser which fails to honor RFC2616, so never use
> +' it in a live server environment, it is provided only for testing.
> +
> +''
> +''  printenv -- demo CGI program which just prints its environment
> +''
> +<job>
> +<script language="JScript">
> +  WScript.Echo("Content-type: text/plain; charset=iso-8859-1\n");
> +  var objShell = new ActiveXObject("WScript.Shell");
> +  var objArray = new Array();
> +  var e = new Enumerator(objShell.Environment("PROCESS"));
> +  for (;!e.atEnd();e.moveNext()) {
> +    var i = e.item().indexOf("=");
> +    var envvar = e.item().substring(0, i);
> +    var envval = e.item().substring(i + 1, e.item().length);
> +    envval = envval.replace("\n", "\\n");
> +    objArray.push(envvar + "=\"" + envval + "\"");
> +  }
> +  objArray.sort();
> +  WScript.Echo(objArray.join("\n"));
> +</script>
> +</job>
> +
>
> Propchange: httpd/httpd/branches/2.4.x/docs/cgi-examples/printenv.wsf
>
> ------------------------------------------------------------------------------
>     svn:eol-style = native
>
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Mime
View raw message