]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 732e39c) | patch
These files cannot be distributed at present - Justin, update your RC.32
authorWilliam A. Rowe Jr <wrowe@apache.org>
Wed, 13 Feb 2002 17:17:50 +0000 (17:17 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Wed, 13 Feb 2002 17:17:50 +0000 (17:17 +0000)
commit99423185fc88fd0693bb3b29938fc459141d01ca
treea864f6db86489bfe1b8fc471a6898fb89171f807tree
parent732e39cb224a4b7b7e58eb936fd01daec1acf835commit | diff
  These files cannot be distributed at present - Justin, update your RC.32

  Win32 is not escaping or rejecting ANY hazerdous shell command strings
  in Apache 2.0 at present.  These would include the pipe character (|)
  which allows the user to construct malicious request strings.

  This needs consideration in code and configuration before we reintroduce
  a batch-file based example.

  Reported by: Ory Segal <ORY.SEGAL@SANCTUMINC.COM>  13 Feb 2002

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93393 13f79535-47bb-0310-9956-ffa450edef68
Makefile.win diff | blob | blame | history
docs/cgi-examples/test-cgi.bat [deleted file] blob | blame | history
Mirror of https://github.com/apache/httpd.git