Added a warning that these scripts leak information.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1423166 13f79535-47bb-0310-9956-ffa450edef68
2025-08-01 07:26:57 +03:00 · 2012-12-17 21:44:32 +00:00
parent 81f9d80b1f
commit f1e3cd4568
4 changed files with 24 additions and 12 deletions
--- a/docs/cgi-examples/printenv
+++ b/docs/cgi-examples/printenv
@ -4,9 +4,12 @@
 # appropriate #!/path/to/perl shebang, and on Unix / Linux also
 # set this script executable with chmod 755.
 #
-# Note that it is subject to cross site scripting attacks on MS IE
-# and any other browser which fails to honor RFC2616, so never use
-# it in a live server environment, it is provided only for testing.
+# ***** !!! WARNING !!! *****
+# This script echoes the server environment variables and therefore
+# leaks information - so NEVER use it in a live server environment!
+# It is provided only for testing purpose.
+# Also note that it is subject to cross site scripting attacks on
+# MS IE and any other browser which fails to honor RFC2616. 

 ##
 ##  printenv -- demo CGI program which just prints its environment
--- a/docs/cgi-examples/printenv.vbs
+++ b/docs/cgi-examples/printenv.vbs
@ -3,9 +3,12 @@
 ' To permit this cgi, replace ' on the first line above with the
 ' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
 '
-' Note that it is subject to cross site scripting attacks on MS IE
-' and any other browser which fails to honor RFC2616, so never use
-' it in a live server environment, it is provided only for testing.
+' ***** !!! WARNING !!! *****
+' This script echoes the server environment variables and therefore
+' leaks information - so NEVER use it in a live server environment!
+' It is provided only for testing purpose.
+' Also note that it is subject to cross site scripting attacks on
+' MS IE and any other browser which fails to honor RFC2616. 

 ''
 ''  printenv -- demo CGI program which just prints its environment
--- a/docs/cgi-examples/printenv.wsf
+++ b/docs/cgi-examples/printenv.wsf
@ -3,9 +3,12 @@
 ' To permit this cgi, replace ' on the first line above with the
 ' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo
 '
-' Note that it is subject to cross site scripting attacks on MS IE
-' and any other browser which fails to honor RFC2616, so never use
-' it in a live server environment, it is provided only for testing.
+' ***** !!! WARNING !!! *****
+' This script echoes the server environment variables and therefore
+' leaks information - so NEVER use it in a live server environment!
+' It is provided only for testing purpose.
+' Also note that it is subject to cross site scripting attacks on
+' MS IE and any other browser which fails to honor RFC2616. 

 ''
 ''  printenv -- demo CGI program which just prints its environment
--- a/docs/cgi-examples/test-cgi
+++ b/docs/cgi-examples/test-cgi
@ -4,9 +4,12 @@
 # appropriate #!/path/to/sh shebang, and set this script executable
 # with chmod 755.
 #
-# Note that it is subject to cross site scripting attacks on MS IE
-# and any other browser which fails to honor RFC2616, so never use
-# it in a live server environment, it is provided only for testing.
+# ***** !!! WARNING !!! *****
+# This script echoes the server environment variables and therefore
+# leaks information - so NEVER use it in a live server environment!
+# It is provided only for testing purpose.
+# Also note that it is subject to cross site scripting attacks on
+# MS IE and any other browser which fails to honor RFC2616. 

 # disable filename globbing
 set -f