www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Atushi Okamoto <atush...@d2.dion.ne.jp>
Subject config/5256: Why do CGI executed ? if configuration is "Options IncludesNOEXEC ExecCGI" then I think CGI don't executed.
Date Fri, 05 Nov 1999 03:59:06 GMT

>Number:         5256
>Category:       config
>Synopsis:       Why do CGI executed ? if configuration is "Options IncludesNOEXEC ExecCGI"
then I think CGI don't executed.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Nov  4 20:00:02 PST 1999
>Last-Modified:
>Originator:     atushi_o@d2.dion.ne.jp
>Organization:
apache
>Release:        1.3.3
>Environment:
Linux kernel 2.0.36
>Description:
it is case by  "&lt;!--#include file="???.cgi"--&gt;".

exsample:
---[HTML source]---
 &lt;html&gt;
 &lt;head&gt;
 &lt;/head&gt;
 &lt;body&gt;
 &lt;!--#include file="test.cgi"--&gt;
 &lt;/body&gt;
 &lt;/html&gt;

---[CGI script]---
#!/bin/sh
echo 'Content-type: text/plain'
echo
echo 'abc'

#end of script
---
it was printed as "abc".
but I did think it is printed as 
"echo 'Content-type: text/plain'
 echo
 echo 'abc'".

==================

See also:Module mod_include
---
Basic Elements
:
:
include 
     This command inserts the text of another document or file into the parsed file. Any included
file is subject to the usual access
     control. If the directory containing the parsed file has the Option IncludesNOEXEC set,
and the including the document would
     cause a program to be executed, then it will not be included; this prevents the execution
of CGI scripts. Otherwise CGI scripts
     are invoked as normal using the complete URL given in the command, including any query
string. 
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]




Mime
View raw message