Date: Wed, 24 Sep 2003 01:17:38 -0400 (GMT-04:00) From: daniel.collins@earthlink.net To: www@freebsd.org Subject: Code exposure on www5.us.freebsd.org Message-ID: <19987055.1064380659428.JavaMail.root@bert.psp.pas.earthlink.net>
next in thread | raw e-mail | index | archive | help
I'm not a CGI hacker (more like your typical PHP coder) but I noticed the following: When I went to the following URL : http://www5.us.freebsd.org/cgi/query-pr-summary.cgi?query The server returned to me the contents of the script instead of executing it, e.g. #!/usr/bin/perl -T # $FreeBSD: www/en/cgi/query-pr-summary.cgi,v 1.40 2003/09/02 09:46:27 dougb Exp $ sub escape($) { $_ = $_[0]; s/&/&/g; s/</</g; s/>/>/g; $_; } $html_mode = 1 if $ENV{'DOCUMENT_ROOT'}; $self_ref = $ENV{'SCRIPT_NAME'}; ($query_pr_ref = $self_ref) =~ s/-summary//; $ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin'; $project = "FreeBSD"; $mail_prefix = "freebsd-"; $mail_unass = "freebsd-bugs"; $ports_unass = "ports-bugs"; $closed_too = 0; [...... and so forth...] I don't know if this is just a transient issue with your server configs or if this is something I should have PR'd but I hope I'm sending this to the right place and somebody finds it usefl. This seemed to work properly on www.freebsd.org, but I haven't tried any of the other mirrors. BTW, is there an easy way to write that header line with the version and date in it? I'd like to use those in my critical files as well. Peace, -- Daniel <><
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19987055.1064380659428.JavaMail.root>