[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Trouble ahead for cgi-bin/debian directory

From: Christoph Lameter <clameter@waterf.org>
> I noticed that
> http://localhost/cgi-bin/debian/xxxx
> was parsed as
> http://localhost/cgi-bin/debian?xxxx

This isn't quite right. The ?xxx should be in the environment variable
$PATH_INFO. Isn't this a requirement of the CGI standard?
Use your browser to touch http://cgi.debian.org/cgi-bin/bruce/foo .
Note the result says "Path: /foo". Look at the script in
/home/Archives/DebianWebMaster/cgi.debian.org/cgi-bin/bruce .
That is how a virtual pathname script should work.

I think you can fix this easily enough with _another_ CGI script rather
than the hack you have made to the web server. Put a CGI script in your
real cgi-bin that is called "debian". It should look like this:

	#! /bin/bash
	exec /var/debian-www/cgi-bin/$PATH_INFO

You may wish to filter certain patterns out of $PATH_INFO for security.
There are also one or two other environment variables passed to the CGI
with script pathname info that could be corrected.

> I would suggest getting rid of cgi-bin/debian altogether and letting
> the webserver in update-debian-www make links in the real cgi-bin.

It's possible, but more sloppy than I would like. Having the update-debian-www
put links into the primary cgi-bin means that the end-user must edit that
script if they want to turn off the automatic functionality. I'd rather have
it that the user need only remove a link or change a CGI path entry to remove
all of the automatic CGI scripts.



TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: