File | Last Change |
---|---|
../ | |
docs.cgi | 1.4 (23 years ago) by pjm2: Fixed a potential security problem with the page. All filenames passed as the "doc" parameter must end in ".txt" and may not contain any other dots, for example "../", but sensible web servers should restrict the wwwuser as a matter of caution, anyway. Furthermore, only normal characters are allowed in the filename - see the regexp on line 36 to see what these are. This was to combat malicious users potentially inserting a ";" or other character in the HTTP querystring, however, most implementations of perl CGI readily ignore everything after (and including) the first ";" when a new CGI object is used to return the form variables. |
cvswww-extract.cgi | 1.3 (23 years ago) by tdb: Added some paths... |
cvslog.cgi | 1.2 (23 years ago) by tdb: Changed the title on the page. |