[hobbit] 4.2 alpha 20060423 -- missing the code to do custom column documents
Henrik Stoerner
henrik at hswn.dk
Mon May 29 16:03:55 CEST 2006
Hi Tom,
On Wed, May 03, 2006 at 01:43:45PM -0400, Kauffman, Tom wrote:
> This seems to have fallen by the wayside; we do a number of combo-tests
> and write up a document that covers both the nature and meaning of the
> tests AND the recovery process. Here's my current hobbitcolumn.sh . . .
>
> #!/bin/sh
>
> QS="${QUERY_STRING}"
> . /usr/local/hobbit/server/etc/hobbitcgi.cfg
>
> if [ -f /usr/local/hobbit/server/www/help/$QS.html ]; then
> echo "Content-type: text/html"
> echo ""
> cat /usr/local/hobbit/server/www/help/$QS.html
> else
> QUERY_STRING="db=columndoc.csv&key=${QS}"
> export QUERY_STRING
>
> exec /usr/local/hobbit/server/bin/bb-csvinfo.cgi $CGI_HOBBITCOLUMN_OPTS
> fi
be careful ... at least, you should quote that "$QS" in your script,
or there's a fairly easy to exploit way of having code executed on your
webserver.
I've changed the column-link code, so it checks for the help/ files
first, and then uses the hobbitcolumn.sh CGI as a fall-back solution.
The code was already there; it was merely a question of which of the
two possible links had precedence over the other.
Regards,
Henrik
More information about the Xymon
mailing list