[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] 4.2 alpha 20060423 -- missing the code to do custom column documents

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] 4.2 alpha 20060423 -- missing the code to do custom column documents
From: henrik (at) hswn.dk (Henrik Stoerner)
Date: Mon, 29 May 2006 16:03:55 +0200
References: <5B3853EEF769544ABD6EEC79788A06390795C3B9@EXVS2.nibco.com>
User-agent: Mutt/1.5.9i

Hi Tom,

On Wed, May 03, 2006 at 01:43:45PM -0400, Kauffman, Tom wrote:

> This seems to have fallen by the wayside; we do a number of combo-tests
> and write up a document that covers both the nature and meaning of the
> tests AND the recovery process. Here's my current hobbitcolumn.sh . . .
> 
> #!/bin/sh
> 
> QS="${QUERY_STRING}"
> . /usr/local/hobbit/server/etc/hobbitcgi.cfg
> 
> if [ -f /usr/local/hobbit/server/www/help/$QS.html ]; then
>    echo "Content-type: text/html"
>    echo ""
>    cat /usr/local/hobbit/server/www/help/$QS.html
> else
>    QUERY_STRING="db=columndoc.csv&key=${QS}"
>    export QUERY_STRING
> 
>    exec /usr/local/hobbit/server/bin/bb-csvinfo.cgi $CGI_HOBBITCOLUMN_OPTS
> fi

be careful ... at least, you should quote that "$QS" in your script,
or there's a fairly easy to exploit way of having code executed on your
webserver.

I've changed the column-link code, so it checks for the help/ files
first, and then uses the hobbitcolumn.sh CGI as a fall-back solution.
The code was already there; it was merely a question of which of the
two possible links had precedence over the other.

Regards,
Henrik

References:
- 4.2 alpha 20060423 -- missing the code to do custom column documents
  - From: Kauffman, Tom

Prev by Date: Re: [hobbit] purple clients
Next by Date: R: [hobbit] http content check
Previous by thread: 4.2 alpha 20060423 -- missing the code to do custom column documents
Next by thread: Getting rid of Purple notifications
Index(es):
- Date
- Thread