Date: Thu, 28 Aug 1997 10:11:02 -0300 (ADT)
From: 026809r@dragon.acadiau.ca (Michael Richards)
To: spork@super-g.com (spork)
Cc: freebsd-questions@freebsd.org
Subject: Re: Server Side Includes
Message-ID: <199708281311.KAA14081@dragon.acadiau.ca>
In-Reply-To: <Pine.BSF.3.96.970827230301.22473A-100000@super-g.inch.com> from "spork" at Aug 27, 97 11:04:49 pm

> You should be careful where you put SSI...
>
> Especially if you have any pages (such as a guestbook) that allow users to
> "create" html on the fly. It's rather simple for someone to include an
> SSI directive in their bulletin board post. That command could do all
> sorts of nasty things, such as rm -rf /, /usr/X11R6/bin/xterm, etc...

That is a good thought... Surely the output from a CGI wouldn't be parsed
though, would it? Perhaps something like s/--#exec/--exec/i ought to do the
trick? I have nightmares about regular expressions though!

-Mike
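
Added example, not part of the original message: a Python sketch comparing the s/--#exec/--exec/i substitution with HTML-escaping a guestbook entry before it is stored. It assumes the guestbook script appends entries to a page the server later parses for SSI; the function names and the sample entry are constructed for illustration.

```python
import html
import re

# Every SSI directive begins with the literal "<!--#" followed by its name.
SSI_DIRECTIVE = re.compile(r"<!--#\w+", re.IGNORECASE)


def has_ssi_directive(text):
    """Return True if text still contains something the SSI parser would act on."""
    return SSI_DIRECTIVE.search(text) is not None


def naive_filter(text):
    """The substitution from the message, s/--#exec/--exec/i (first match only)."""
    return re.sub(r"--#exec", "--exec", text, count=1, flags=re.IGNORECASE)


def escape_entry(text):
    """Encode HTML metacharacters so no '<!--#' sequence reaches the stored page."""
    return html.escape(text, quote=True)


def render_entry(author, message):
    """Build the HTML fragment the guestbook appends to its page."""
    fragment = "<p><b>{}</b>: {}</p>".format(escape_entry(author),
                                             escape_entry(message))
    # Defence in depth: never write a fragment that still parses as a directive.
    if has_ssi_directive(fragment):
        raise ValueError("SSI directive survived escaping")
    return fragment


# Constructed guestbook entry; the command strings are harmless placeholders.
ENTRY = ('Nice site! <!--#exec cmd="PLACEHOLDER" --> '
         'and again <!--#EXEC cmd="PLACEHOLDER" -->')

if __name__ == "__main__":
    # Without a global flag the substitution leaves the second directive intact.
    print("after s///i :", has_ssi_directive(naive_filter(ENTRY)))
    # Escaping removes the leading "<", so nothing is left for the parser.
    print("after escape:", has_ssi_directive(escape_entry(ENTRY)))
    print(render_entry("visitor", ENTRY))
```

Escaping the opening "<" covers every directive name at once, so the filter does not depend on listing each one.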