On Wed, 8 Jul 1998, Steve Willer wrote:

> To be honest, although I ended up not using ePerl, I would consider this
> mistake fairly understandable. I mean, I can't think of anywhere that
> still uses ISINDEX, so it's not that strange for it to fall out of a
> developer's mental space.

I don't agree with you on that. First, ISINDEX is well documented in the CGI specification and ePerl claims that it is CGI/1.1 compliant. Second, if you want your software to work (not to mention being secure), you can't forget things that are written in the specs.

> I do want to make one point about the original bug report: If I read it
> correctly, then you will only be able to execute ePerl code, *not* Perl
> code. ePerl starts off in "plain text" mode, so anything until the
> ePerl-open tag will be output as plain text.

You'll be able to execute PERL code, since all that ePerl does is put a PERL "print" command in front of your HTML code and pass it to the Perl interpreter along with the PERL code embedded in the page.

Another thing: this bug was found in the latest (2.2.12) version of ePerl.

+----------------------------------------------------------------------+
| Tiago Luz Pinto                                      tiagoat_private |
|                                                                      |
| Network Administrator - Department of Production Engineering         |
| Federal University of Santa Catarina - Brazil                        |
+----------------------------------------------------------------------+