[Snippage has occurred] Blue Boar wrote: > The format of the SSI command entered is as follows: > > <!--#exec cmd="cat /etc/group" > > You should place this command (or other desired command) somewhere in the > comments. > > The format of the command is part of the problem, and why I'm thinking > there may be some sloppiness in Apache. It appears that there is an > assumption that SSI commands tend to be on lines by themselves, and are of > the format: > > <!--# (SSI command) --> > > In my testing with the most recent Apache at the time (1.3.9) I found it > took any of the following: > > <!--#exec cmd="cat /etc/group"--> > <!--#exec cmd="cat /etc/group"> > <!--#exec cmd="cat /etc/group" > > It also didn't seem to matter that it was in the middle of a line of HTML. > > I'm actually a bit more worried about how many other scripts make this > assumption, and how long Apache has been making that be a bad assumption. Apache doesn't make a bad assumption. If you don't want SSIs executing stuff, you shouldn't enable it. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:53 PDT