These files cannot be distributed at present - Justin, update your RC.32

Win32 is not escaping or rejecting ANY hazerdous shell command strings in Apache 2.0 at present. These would include the pipe character (|) which allows the user to construct malicious request strings. This needs consideration in code and configuration before we reintroduce a batch-file based example. Reported by: Ory Segal <ORY.SEGAL@SANCTUMINC.COM> 13 Feb 2002 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93393 13f79535-47bb-0310-9956-ffa450edef68
2025-08-15 23:27:39 +00:00 · 2002-02-13 17:17:50 +00:00
parent 43843aa44b
commit 0d3e3e0a95
2 changed files with 0 additions and 27 deletions
--- a/Makefile.win
+++ b/Makefile.win
@ -413,7 +413,6 @@ _install:
 	}
    }
 <<
-	copy docs\cgi-examples\test-cgi.bat "$(INSTDIR)\cgi-bin" <.y
 	xcopy docs\error "$(INSTDIR)\error" /s /d < .a
 	xcopy docs\docroot "$(INSTDIR)\htdocs" /d < .a
 	xcopy docs\manual "$(INSTDIR)\manual" /s /d < .a
--- a/docs/cgi-examples/test-cgi.bat
+++ b/docs/cgi-examples/test-cgi.bat
@ -1,26 +0,0 @@
-@echo off
-REM  Convince MSIE that this is NOT a client-side executable batch file!
-echo Content-disposition: inline; filename="test-cgi"
-echo Content-type: text/plain
-echo.
-echo CGI/1.0 test script report:
-echo.
-echo args are "%0 %*".
-echo.
-echo SERVER_SOFTWARE = %SERVER_SOFTWARE%
-echo SERVER_NAME = %SERVER_NAME%
-echo GATEWAY_INTERFACE = %GATEWAY_INTERFACE%
-echo SERVER_PROTOCOL = %SERVER_PROTOCOL%
-echo SERVER_PORT = %SERVER_PORT%
-echo REQUEST_METHOD = %REQUEST_METHOD%
-echo HTTP_ACCEPT = "%HTTP_ACCEPT%"
-echo PATH_INFO = "%PATH_INFO%"
-echo PATH_TRANSLATED = "%PATH_TRANSLATED%"
-echo SCRIPT_NAME = "%SCRIPT_NAME%"
-echo QUERY_STRING = "%QUERY_STRING%"
-echo REMOTE_HOST = %REMOTE_HOST%
-echo REMOTE_ADDR = %REMOTE_ADDR%
-echo REMOTE_USER = %REMOTE_USER%
-echo AUTH_TYPE = %AUTH_TYPE%
-echo CONTENT_TYPE = %CONTENT_TYPE%
-echo CONTENT_LENGTH = %CONTENT_LENGTH%