Hi Tom,

On Wed, May 03, 2006 at 01:43:45PM -0400, Kauffman, Tom wrote:
> This seems to have fallen by the wayside; we do a number of combo-tests
> and write up a document that covers both the nature and meaning of the
> tests AND the recovery process. Here's my current hobbitcolumn.sh . . .
>
> #!/bin/sh
> QS="${QUERY_STRING}"
> . /usr/local/hobbit/server/etc/hobbitcgi.cfg
> if [ -f /usr/local/hobbit/server/www/help/$QS.html ]; then
>     echo "Content-type: text/html"
>     echo ""
>     cat /usr/local/hobbit/server/www/help/$QS.html
> else
>     QUERY_STRING="db=columndoc.csv&key=${QS}"
>     export QUERY_STRING
>     exec /usr/local/hobbit/server/bin/bb-csvinfo.cgi $CGI_HOBBITCOLUMN_OPTS
> fi

Be careful ... at least, you should quote that "$QS" in your script,
or there's a fairly easy-to-exploit way of having code executed on your
webserver.

I've changed the column-link code, so it checks for the help/ files
first, and then uses the hobbitcolumn.sh CGI as a fall-back solution.
The code was already there; it was merely a question of which of the
two possible links had precedence over the other.

Regards,
Henrik
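
Added example, not part of the original messages and not code from the Hobbit project: one way to apply the quoting advice above to the posted hobbitcolumn.sh, going one step further by validating the query string before it is used in a path. The function names are hypothetical, and the rule that a column name contains only letters, digits, "_" and "-" is an assumption.

```shell
#!/bin/sh
# Added example, not the script from the thread. HELPDIR defaults to the
# path in the posted script; valid_column, help_file_for and serve_column
# are hypothetical helper names.
HELPDIR="${HELPDIR:-/usr/local/hobbit/server/www/help}"

# Assumption: a column name is only letters, digits, "_" and "-".
# Anything else (empty, whitespace, "/", ".", glob characters) is refused.
valid_column() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the help file path for a validated column name; fail otherwise.
help_file_for() {
    valid_column "$1" || return 1
    [ -f "$HELPDIR/$1.html" ] || return 1
    printf '%s\n' "$HELPDIR/$1.html"
}

# Same flow as the posted script, with validation and quoting added.
serve_column() {
    QS="${QUERY_STRING:-}"
    if ! valid_column "$QS"; then
        printf 'Status: 400 Bad Request\r\nContent-type: text/plain\r\n\r\n'
        echo "invalid column name"
        return 1
    fi
    if file=$(help_file_for "$QS"); then
        printf 'Content-type: text/html\r\n\r\n'
        cat -- "$file"
    else
        . /usr/local/hobbit/server/etc/hobbitcgi.cfg
        QUERY_STRING="db=columndoc.csv&key=${QS}"
        export QUERY_STRING
        # Left unquoted on purpose: the variable holds a list of options.
        exec /usr/local/hobbit/server/bin/bb-csvinfo.cgi $CGI_HOBBITCOLUMN_OPTS
    fi
}

# Run only when invoked by a web server as a CGI program.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    serve_column
fi
```

Quoting alone stops word splitting and globbing in the test and cat commands; the allow-list additionally keeps the value from naming a file outside the help directory.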