From b78f538d89d035444ed49576185a28c76e8a036f Mon Sep 17 00:00:00 2001 From: Guenter Knauf Date: Mon, 17 Dec 2012 21:47:48 +0000 Subject: [PATCH] Added a warning that these scripts leak information. (Backport r1423166) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1423169 13f79535-47bb-0310-9956-ffa450edef68 --- docs/cgi-examples/printenv | 9 ++++++--- docs/cgi-examples/printenv.vbs | 9 ++++++--- docs/cgi-examples/printenv.wsf | 9 ++++++--- docs/cgi-examples/test-cgi | 9 ++++++--- 4 files changed, 24 insertions(+), 12 deletions(-) diff --git a/docs/cgi-examples/printenv b/docs/cgi-examples/printenv index fca6f8a435..5b5035e268 100644 --- a/docs/cgi-examples/printenv +++ b/docs/cgi-examples/printenv @@ -4,9 +4,12 @@ # appropriate #!/path/to/perl shebang, and on Unix / Linux also # set this script executable with chmod 755. # -# Note that it is subject to cross site scripting attacks on MS IE -# and any other browser which fails to honor RFC2616, so never use -# it in a live server environment, it is provided only for testing. +# ***** !!! WARNING !!! ***** +# This script echoes the server environment variables and therefore +# leaks information - so NEVER use it in a live server environment! +# It is provided only for testing purpose. +# Also note that it is subject to cross site scripting attacks on +# MS IE and any other browser which fails to honor RFC2616. ## ## printenv -- demo CGI program which just prints its environment diff --git a/docs/cgi-examples/printenv.vbs b/docs/cgi-examples/printenv.vbs index ba8bcbc0ac..9336d43263 100644 --- a/docs/cgi-examples/printenv.vbs +++ b/docs/cgi-examples/printenv.vbs 
@@ -3,9 +3,12 @@ ' To permit this cgi, replace ' on the first line above with the ' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo ' -' Note that it is subject to cross site scripting attacks on MS IE -' and any other browser which fails to honor RFC2616, so never use -' it in a live server environment, it is provided only for testing. +' ***** !!! WARNING !!! ***** +' This script echoes the server environment variables and therefore +' leaks information - so NEVER use it in a live server environment! +' It is provided only for testing purpose. +' Also note that it is subject to cross site scripting attacks on +' MS IE and any other browser which fails to honor RFC2616. '' '' printenv -- demo CGI program which just prints its environment diff --git a/docs/cgi-examples/printenv.wsf b/docs/cgi-examples/printenv.wsf index c70b9a65c5..d982eac21f 100644 --- a/docs/cgi-examples/printenv.wsf +++ b/docs/cgi-examples/printenv.wsf @@ -3,9 +3,12 @@ ' To permit this cgi, replace ' on the first line above with the ' appropriate shebang, f.e. '!c:/windows/system32/cscript -nologo ' -' Note that it is subject to cross site scripting attacks on MS IE -' and any other browser which fails to honor RFC2616, so never use -' it in a live server environment, it is provided only for testing. +' ***** !!! WARNING !!! ***** +' This script echoes the server environment variables and therefore +' leaks information - so NEVER use it in a live server environment! +' It is provided only for testing purpose. +' Also note that it is subject to cross site scripting attacks on +' MS IE and any other browser which fails to honor RFC2616. '' '' printenv -- demo CGI program which just prints its environment diff --git a/docs/cgi-examples/test-cgi b/docs/cgi-examples/test-cgi index d92e0eccf8..eb80f3e4db 100644 --- a/docs/cgi-examples/test-cgi +++ b/docs/cgi-examples/test-cgi 
@@ -4,9 +4,12 @@ # appropriate #!/path/to/sh shebang, and set this script executable # with chmod 755. # -# Note that it is subject to cross site scripting attacks on MS IE -# and any other browser which fails to honor RFC2616, so never use -# it in a live server environment, it is provided only for testing. +# ***** !!! WARNING !!! ***** +# This script echoes the server environment variables and therefore +# leaks information - so NEVER use it in a live server environment! +# It is provided only for testing purpose. +# Also note that it is subject to cross site scripting attacks on +# MS IE and any other browser which fails to honor RFC2616. # disable filename globbing set -f -- 2.40.0
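Review bot: in the docs/cgi-examples/printenv hunk, the added line "It is provided only for testing purpose." is ungrammatical. Use "for testing purposes", or keep the removed wording "provided only for testing". The same sentence is added to printenv.vbs, printenv.wsf and test-cgi, so it should be corrected in all four files together.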
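Review bot: in the docs/cgi-examples/printenv.vbs hunk, the new warning says the script "leaks information" without saying to whom, which is the part an administrator needs to judge the risk. Suggest wording along the lines of "echoes the server environment variables to any client that requests it", so the comment makes clear that the exposure is to remote users and not only to local readers of the output.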
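Review bot: in the docs/cgi-examples/printenv.wsf hunk, the cross-site scripting sentence is moved behind "Also note" and no longer carries the "never use it in a live server environment" instruction that the removed lines attached to it. A reader skimming the block may take the NEVER as applying to the information leak only. Consider naming both reasons in the sentence that contains the prohibition.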
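Review bot: in the docs/cgi-examples/test-cgi hunk, the unchanged context lines still tell the reader to add a shebang and "set this script executable with chmod 755", while the new warning gives no matching step to undo that. Suggest one more comment line after "It is provided only for testing purpose." telling the reader to remove the shebang or the executable bit again once testing is finished.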