Re: Trouble ahead for cgi-bin/debian directory
From: Christoph Lameter <firstname.lastname@example.org>
> I noticed that
> was parsed as
This isn't quite right. The ?xxx should be in the environment variable
$PATH_INFO. Isn't this a requirement of the CGI standard?
Use your browser to touch http://cgi.debian.org/cgi-bin/bruce/foo .
Note the result says "Path: /foo". Look at the script in
That is how a virtual pathname script should work.
I think you can fix this easily enough with _another_ CGI script rather
than the hack you have made to the web server. Put a CGI script in your
real cgi-bin that is called "debian". It should look like this:
You may wish to filter certain patterns out of $PATH_INFO for security.
There are also one or two other environment variables passed to the CGI
with script pathname info that could be corrected.
> I would suggest getting rid of cgi-bin/debian altogether and letting
> the webserver in update-debian-www make links in the real cgi-bin.
It's possible, but more sloppy than I would like. Having the update-debian-www
put links into the primary cgi-bin means that the end-user must edit that
script if they want to turn off the automatic functionality. I'd rather have
it that the user need only remove a link or change a CGI path entry to remove
all of the automatic CGI scripts.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com