perl-modperl-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rich...@hyperreal.org
Subject cvs commit: modperl-site/embperl Changes.pod.1.html index.html
Date Tue, 05 Oct 1999 06:04:43 GMT
richter     99/10/04 23:04:43

  Modified:    embperl  Changes.pod.1.html index.html
  Log:
  Embperl Webpages - Changes
  
  Revision  Changes    Path
  1.94      +18 -4     modperl-site/embperl/Changes.pod.1.html
  
  Index: Changes.pod.1.html
  ===================================================================
  RCS file: /export/home/cvs/modperl-site/embperl/Changes.pod.1.html,v
  retrieving revision 1.93
  retrieving revision 1.94
  diff -u -r1.93 -r1.94
  --- Changes.pod.1.html	1999/10/04 16:01:42	1.93
  +++ Changes.pod.1.html	1999/10/05 06:04:41	1.94
  @@ -18,7 +18,7 @@
     <blockquote>
   [<a href="index.html">HOME</a>]&nbsp;&nbsp; [<a href="Changes.pod.cont.html">CONTENT</a>]&nbsp;&nbsp;
[<a href="Changes.pod.cont.html">PREV (Revision History - Content)</a>]&nbsp;&nbsp;
[<a href="Changes.pod.2.html">NEXT (1.2b9 (BETA) 10. Sept 1999)</a>]&nbsp;&nbsp;
<br><hr>
   <P>
  -Last Update: Mon Oct 4 18:01:06 1999 (MET)
  +Last Update: Tue Oct 5 08:04:20 1999 (MET)
   
   <P>
   NOTE: This version is only available via <A HREF="CVS.pod.1.html#INTRO">"CVS"</A>
  @@ -26,7 +26,20 @@
   
   
   <P>
  -<PRE>   - Fixed a problem that had occured with magic SVs (tied scalar)
  +<PRE>   - Fixed a great security whole in CGI mode. Because Apache passes
  +     anything after the first '?' to the cgi script as commandline
  +     arguments, embpexec.pl could be tricked into offline mode, where
  +     it returned any file that is readable by the httpd! So if you are
  +     using CGI mode, I strongly recommend to update to 1.2b10.
  +     Now you must use embpcgi.pl instead of embpexec.pl in CGI mode.
  +     Spotted by Jason Holt.
  +   - Added EMBPERL_ALLOW. If the file doesn't EMBPERL_ALLOW Embperl
  +     will return forbidden. This is primarly another security
  +     feature, because dependig on the way you use Embperl in CGI mode,
  +     it will not honour all Apache access restrictions. With 
  +     EMBPERL_ALLOW, you can now force it to serve only certain
  +     files. Suggested by Jason Holt.
  +   - Fixed a problem that had occured with magic SVs (tied scalar)
        as source for the Execute function. Spotted by Todd Eigenschink.
      - Embperl works now with Apache::Session 0.17, 1.02 and 1.04
        (1.03 is errornous)
  @@ -41,8 +54,9 @@
        cause a syntax error in some situations. Spotted by Oyvind Gjerstad.
      - exit now works the same in offline, mod_perl and cgi mode, it
        ends the execution of the page, but not the programm itself.
  -   - exit inside a sub will now really exit the page. Spotted by
  -     Cliff Rayman.     
  +   - exit inside a sub will now really exit the page. (but exit inside
  +     a file called via Execute will only exit this file, not the whole
  +     request) Spotted by Cliff Rayman.     
   </PRE>
   <p>[<a href="index.html">HOME</a>]&nbsp;&nbsp; [<a href="Changes.pod.cont.html">CONTENT</a>]&nbsp;&nbsp;
[<a href="Changes.pod.cont.html">PREV (Revision History - Content)</a>]&nbsp;&nbsp;
[<a href="Changes.pod.2.html">NEXT (1.2b9 (BETA) 10. Sept 1999)</a>]&nbsp;&nbsp;
<br>
       <font color="#808080">___________________________________________________________________________________<br>
  
  
  
  1.39      +0 -0      modperl-site/embperl/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /export/home/cvs/modperl-site/embperl/index.html,v
  retrieving revision 1.38
  retrieving revision 1.39
  diff -u -r1.38 -r1.39
  --- index.html	1999/10/04 16:02:21	1.38
  +++ index.html	1999/10/05 06:04:41	1.39
  @@ -197,7 +197,7 @@
   <blockquote>
     <p><font color="#808080">___________________________________________________________________________________<br>
     HTML::Embperl - Copyright (c) 1997-99 Gerald Richter / ECOS &lt;richter@dev.ecos.de&gt;<br>
  -  Last Update $Id: index.html,v 1.38 1999/10/04 16:02:21 richter Exp $</font></p>

  +  Last Update $Id: index.html,v 1.39 1999/10/05 06:04:41 richter Exp $</font></p>

   </blockquote>
   </td></tr><!--msnavigation--></table></body>
   </html>
  
  
  

Mime
View raw message