From: Joshua Slive <slive@apache.org>
Date: Sun, 20 Aug 2006 19:47:19 +0000 (+0000)
Subject: Backport:
X-Git-Tag: 2.0.60~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c466f3f5411180054ffe6daa419127ba13e5476a;p=thirdparty%2Fapache%2Fhttpd.git

Backport:
My last effort was a little too succinct and not quite precise
enough.  Try being more explicit.

This does leave the danger that people will clip the <Location>
example as the proper way to do things, when they should be
reading on to the <Directory> example.  The <Location> example
is only correct when used in conjunction with Alias.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@433023 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_alias.html.en b/docs/manual/mod/mod_alias.html.en
index 9d65d753bee..bf7a2903665 100644
--- a/docs/manual/mod/mod_alias.html.en
+++ b/docs/manual/mod/mod_alias.html.en
@@ -355,15 +355,15 @@ target as a CGI script</td></tr>
     is essentially equivalent to:</p>
     <div class="example"><p><code>
       Alias /cgi-bin/ /web/cgi-bin/<br />
-      &lt;Directory /web/cgi-bin &gt;<br />
+      &lt;Location /cgi-bin &gt;<br />
       <span class="indent">
       SetHandler cgi-script<br />
       Options +ExecCGI<br />
       </span>
-      &lt;/Directory&gt;
+      &lt;/Location&gt;
     </code></p></div>
 
-    <div class="note">It is safer to avoid placing CGI scripts under the
+    <div class="warning">It is safer to avoid placing CGI scripts under the
     <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> in order to
     avoid accidentally revealing their source code if the
     configuration is ever changed.  The
@@ -371,8 +371,20 @@ target as a CGI script</td></tr>
     URL and designating CGI scripts at the same time.  If you do
     choose to place your CGI scripts in a directory already
     accessible from the web, do not use
-    <code class="directive">ScriptAlias</code>.  Instead, use <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as shown in the second example
-    above.</div>
+    <code class="directive">ScriptAlias</code>.  Instead, use <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as in:
+    <div class="example"><p><code>
+      &lt;Directory /usr/local/apache2/htdocs/cgi-bin &gt;<br />
+      <span class="indent">
+      SetHandler cgi-script<br />
+      Options ExecCGI<br />
+      </span>
+      &lt;/Directory&gt;
+    </code></p></div>
+    This is necessary since multiple <var>URL-paths</var> can map
+    to the same filesystem location, potentially bypassing the
+    <code class="directive">ScriptAlias</code> and revealing the source code
+    of the CGI scripts if they are not restricted by a 
+    <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> section.</div>
 
 
 <h3>See also</h3>
@@ -412,4 +424,4 @@ and designates the target as a CGI script</td></tr>
 </div><div id="footer">
 <p class="apache">Copyright 1995-2005 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
-</body></html>
\ No newline at end of file
+</body></html>
diff --git a/docs/manual/mod/mod_alias.xml b/docs/manual/mod/mod_alias.xml
index 4bc5320416e..f4731c9f9ad 100644
--- a/docs/manual/mod/mod_alias.xml
+++ b/docs/manual/mod/mod_alias.xml
@@ -348,15 +348,15 @@ target as a CGI script</description>
     is essentially equivalent to:</p>
     <example>
       Alias /cgi-bin/ /web/cgi-bin/<br />
-      &lt;Directory /web/cgi-bin &gt;<br />
+      &lt;Location /cgi-bin &gt;<br />
       <indent>
       SetHandler cgi-script<br />
       Options +ExecCGI<br />
       </indent>
-      &lt;/Directory&gt;
+      &lt;/Location&gt;
     </example>
 
-    <note>It is safer to avoid placing CGI scripts under the
+    <note type="warning">It is safer to avoid placing CGI scripts under the
     <directive module="core">DocumentRoot</directive> in order to
     avoid accidentally revealing their source code if the
     configuration is ever changed.  The
@@ -367,8 +367,20 @@ target as a CGI script</description>
     <directive>ScriptAlias</directive>.  Instead, use <directive
     module="core" type="section">Directory</directive>, <directive
     module="core">SetHandler</directive>, and <directive
-    module="core">Options</directive> as shown in the second example
-    above.</note>
+    module="core">Options</directive> as in:
+    <example>
+      &lt;Directory /usr/local/apache2/htdocs/cgi-bin &gt;<br />
+      <indent>
+      SetHandler cgi-script<br />
+      Options ExecCGI<br />
+      </indent>
+      &lt;/Directory&gt;
+    </example>
+    This is necessary since multiple <var>URL-paths</var> can map
+    to the same filesystem location, potentially bypassing the
+    <directive>ScriptAlias</directive> and revealing the source code
+    of the CGI scripts if they are not restricted by a 
+    <directive module="core">Directory</directive> section.</note>
 
 </usage>
 <seealso><a href="../howto/cgi.html">CGI Tutorial</a></seealso>