From: Astrid Malo Date: Sat, 28 Jun 2003 22:38:13 +0000 (+0000) Subject: explain ScriptInterpreterSource a little bit more X-Git-Tag: pre_ajp_proxy~1502 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e934c0f1694e69a0e5b8d98b3ff58c3dd51d601b;p=apache explain ScriptInterpreterSource a little bit more git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100388 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en index 2298bddce0..b30644e18d 100644 --- a/docs/manual/mod/core.html.en +++ b/docs/manual/mod/core.html.en @@ -2480,22 +2480,52 @@ scripts Override:FileInfo Status:Core Module:core -Compatibility:Win32 only
+Compatibility:Win32 only; option Registry-Strict is available in Apache 2.0 and later

This directive is used to control how Apache finds the - interpreter used to run CGI scripts. The default technique is to - use the interpreter pointed to by the #! line in the - script.

+ interpreter used to run CGI scripts. The default setting is + Script. This causes Apache to use the interpreter pointed to + by the shebang line (first line, starting with #!) in the + script. On Win32 systems this line usually looks like:

+ +

+ #!C:/Perl/bin/perl.exe +

+ +

or, if perl is in PATH, simply:

+ +

+ #!perl +

Setting ScriptInterpreterSource Registry will - cause the Windows Registry to be searched using the script file - extension (e.g., .pl) as a search key.

+ cause the Windows Registry tree HKEY_CLASSES_ROOT to be + searched using the script file extension (e.g., .pl) as a + search key. The command defined by the registry subkey + Shell\Open\Command is used to open the script file. In absence + of the file extension key or the Shell\Open\Command subkey + Apache uses the Script option.

+ +

Security

+

Be careful to use ScriptInterpreterSource Registry with + ScriptAlias'ed directories, + because Apache is trying to execute every file within + this directory. The Registry setting may cause undesired + program calls on files, which are usually not executed. For example, the + default open command on .htm files on most Windows systems is + executing the Microsoft Internet Explorer, so any HTTP request for an + .htm file existing within the script directory would start + the browser in background. This is an effective method to crash your + system within a minute or so.

+

The option Registry-Strict which is new in Apache 2.0 - does the same as Registry but uses a more strict registry - search.

+ does the same as Registry but uses the subkey + Shell\ExecCGI\Command instead. The ExecCGI key + is not a common one. It has to be configured manually and prevents your + system from accidental program calls.

top
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 11a2e9f5ff..bf0040b969 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -2437,17 +2437,47 @@ later

This directive is used to control how Apache finds the - interpreter used to run CGI scripts. The default technique is to - use the interpreter pointed to by the #! line in the - script.

+ interpreter used to run CGI scripts. The default setting is + Script. This causes Apache to use the interpreter pointed to + by the shebang line (first line, starting with #!) in the + script. On Win32 systems this line usually looks like:

+ + + #!C:/Perl/bin/perl.exe + + +

or, if perl is in PATH, simply:

+ + + #!perl +

Setting ScriptInterpreterSource Registry will - cause the Windows Registry to be searched using the script file - extension (e.g., .pl) as a search key.

+ cause the Windows Registry tree HKEY_CLASSES_ROOT to be + searched using the script file extension (e.g., .pl) as a + search key. The command defined by the registry subkey + Shell\Open\Command is used to open the script file. In absence + of the file extension key or the Shell\Open\Command subkey + Apache uses the Script option.

+ + Security +

Be careful to use ScriptInterpreterSource Registry with + ScriptAlias'ed directories, + because Apache is trying to execute every file within + this directory. The Registry setting may cause undesired + program calls on files, which are usually not executed. For example, the + default open command on .htm files on most Windows systems is + executing the Microsoft Internet Explorer, so any HTTP request for an + .htm file existing within the script directory would start + the browser in background. This is an effective method to crash your + system within a minute or so.

+

The option Registry-Strict which is new in Apache 2.0 - does the same as Registry but uses a more strict registry - search.

+ does the same as Registry but uses the subkey + Shell\ExecCGI\Command instead. The ExecCGI key + is not a common one. It has to be configured manually and prevents your + system from accidental program calls.