From: Joshua Slive <slive@apache.org>
Date: Sun, 20 Aug 2006 19:46:24 +0000 (+0000)
Subject: My last effort was a little too succinct and not quite precise
X-Git-Tag: 2.3.0~2151
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53133772ac0baaf835eb73451f58d17632bfb19f;p=thirdparty%2Fapache%2Fhttpd.git

My last effort was a little too succinct and not quite precise
enough.  Try being more explicit.

This does leave the danger that people will clip the <Location>
example as the proper way to do things, when they should be
reading on to the <Directory> example.  The <Location> example
is only correct when used in conjunction with Alias.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@433021 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_alias.html.en b/docs/manual/mod/mod_alias.html.en
index 948881a474c..099c8950594 100644
--- a/docs/manual/mod/mod_alias.html.en
+++ b/docs/manual/mod/mod_alias.html.en
@@ -366,15 +366,15 @@ target as a CGI script</td></tr>
     is essentially equivalent to:</p>
     <div class="example"><p><code>
       Alias /cgi-bin/ /web/cgi-bin/<br />
-      &lt;Directory /web/cgi-bin &gt;<br />
+      &lt;Location /cgi-bin &gt;<br />
       <span class="indent">
       SetHandler cgi-script<br />
       Options +ExecCGI<br />
       </span>
-      &lt;/Directory&gt;
+      &lt;/Location&gt;
     </code></p></div>
 
-    <div class="note">It is safer to avoid placing CGI scripts under the
+    <div class="warning">It is safer to avoid placing CGI scripts under the
     <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> in order to
     avoid accidentally revealing their source code if the
     configuration is ever changed.  The
@@ -382,8 +382,20 @@ target as a CGI script</td></tr>
     URL and designating CGI scripts at the same time.  If you do
     choose to place your CGI scripts in a directory already
     accessible from the web, do not use
-    <code class="directive">ScriptAlias</code>.  Instead, use <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as shown in the second example
-    above.</div>
+    <code class="directive">ScriptAlias</code>.  Instead, use <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as in:
+    <div class="example"><p><code>
+      &lt;Directory /usr/local/apache2/htdocs/cgi-bin &gt;<br />
+      <span class="indent">
+      SetHandler cgi-script<br />
+      Options ExecCGI<br />
+      </span>
+      &lt;/Directory&gt;
+    </code></p></div>
+    This is necessary since multiple <var>URL-paths</var> can map
+    to the same filesystem location, potentially bypassing the
+    <code class="directive">ScriptAlias</code> and revealing the source code
+    of the CGI scripts if they are not restricted by a 
+    <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> section.</div>
 
 
 <h3>See also</h3>
diff --git a/docs/manual/mod/mod_alias.xml b/docs/manual/mod/mod_alias.xml
index ddf82f807bf..db12c55f2f7 100644
--- a/docs/manual/mod/mod_alias.xml
+++ b/docs/manual/mod/mod_alias.xml
@@ -361,15 +361,15 @@ target as a CGI script</description>
     is essentially equivalent to:</p>
     <example>
       Alias /cgi-bin/ /web/cgi-bin/<br />
-      &lt;Directory /web/cgi-bin &gt;<br />
+      &lt;Location /cgi-bin &gt;<br />
       <indent>
       SetHandler cgi-script<br />
       Options +ExecCGI<br />
       </indent>
-      &lt;/Directory&gt;
+      &lt;/Location&gt;
     </example>
 
-    <note>It is safer to avoid placing CGI scripts under the
+    <note type="warning">It is safer to avoid placing CGI scripts under the
     <directive module="core">DocumentRoot</directive> in order to
     avoid accidentally revealing their source code if the
     configuration is ever changed.  The
@@ -380,8 +380,20 @@ target as a CGI script</description>
     <directive>ScriptAlias</directive>.  Instead, use <directive
     module="core" type="section">Directory</directive>, <directive
     module="core">SetHandler</directive>, and <directive
-    module="core">Options</directive> as shown in the second example
-    above.</note>
+    module="core">Options</directive> as in:
+    <example>
+      &lt;Directory /usr/local/apache2/htdocs/cgi-bin &gt;<br />
+      <indent>
+      SetHandler cgi-script<br />
+      Options ExecCGI<br />
+      </indent>
+      &lt;/Directory&gt;
+    </example>
+    This is necessary since multiple <var>URL-paths</var> can map
+    to the same filesystem location, potentially bypassing the
+    <directive>ScriptAlias</directive> and revealing the source code
+    of the CGI scripts if they are not restricted by a 
+    <directive module="core">Directory</directive> section.</note>
 
 </usage>
 <seealso><a href="../howto/cgi.html">CGI Tutorial</a></seealso>