4.2 alpha 20060423 -- missing the code to do custom column documents 🔗 link

Henrik -

This seems to have fallen by the wayside; we do a number of combo-tests
and write up a document that covers both the nature and meaning of the
tests AND the recovery process. Here's my current hobbitcolumn.sh . . .

#!/bin/sh

QS="${QUERY_STRING}"
. /usr/local/hobbit/server/etc/hobbitcgi.cfg

if [ -f /usr/local/hobbit/server/www/help/$QS.html ]; then
   echo "Content-type: text/html"
   echo ""
   cat /usr/local/hobbit/server/www/help/$QS.html
else
   QUERY_STRING="db=columndoc.csv&key=${QS}"
   export QUERY_STRING

   exec /usr/local/hobbit/server/bin/bb-csvinfo.cgi
$CGI_HOBBITCOLUMN_OPTS
fi

Tom Kauffman
NIBCO, Inc
CONFIDENTIALITY NOTICE:  This email and any attachments are for the exclusive and confidential use of the intended recipient.  If you are not
the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system. We do not waive  attorney-client or work product privilege by the transmission of this
message.

Hi Tom,

On Wed, May 03, 2006 at 01:43:45PM -0400, Kauffman, Tom wrote:

be careful ... at least, you should quote that "$QS" in your script,
or there's a fairly easy to exploit way of having code executed on your
webserver.

I've changed the column-link code, so it checks for the help/ files
first, and then uses the hobbitcolumn.sh CGI as a fall-back solution.
The code was already there; it was merely a question of which of the
two possible links had precedence over the other.


Regards,
Henrik