Embperl - building dynamic websites with Perl


1.2b10 (BETA) 7 Oct. 1999
   - Fixed a serious security hole in CGI mode. Because Apache passes
     anything after the first '?' to the CGI script as command-line
     arguments, embpexec.pl could be tricked into offline mode, where
     it returned any file that is readable by the httpd! So if you are
     using CGI mode, I strongly recommend updating to 1.2b10.
     Now you must use embpcgi.pl instead of embpexec.pl in CGI mode.
     Spotted by Jason Holt.
   - Added EMBPERL_ALLOW. If the file doesn't match EMBPERL_ALLOW, Embperl
     will return forbidden. This is primarily another security
     feature, because depending on the way you use Embperl in CGI mode,
     it will not honour all Apache access restrictions. With
     EMBPERL_ALLOW, you can now force it to serve only certain
     files. Suggested by Jason Holt.
   - Fixed a problem that occurred with magic SVs (tied scalars)
     as source for the Execute function. Spotted by Todd Eigenschink.
   - Embperl now works with Apache::Session 0.17, 1.02 and 1.04
     (1.03 is erroneous)
   - Fixed a SIGSEGV that occurred when the req_rec parameter of the
     Execute function gets an Apache::Request object instead of an
     Apache object, which occurred due to the different ways the
     Apache internal request_rec is stored inside the object.
     Spotted by Francis J. Lacoste.
   - Fixed a SIGSEGV that occurred when outputting to a scalar and
     optReturnError is set. Spotted by Francis J. Lacoste.
   - Added a ; after the BEGIN block in startup.pl; its absence seems to
     have caused a syntax error in some situations. Spotted by Oyvind Gjerstad.
   - exit now works the same in offline, mod_perl and CGI mode: it
     ends the execution of the page, but not the program itself.
   - exit inside a sub will now really exit the page. (But exit inside
     a file called via Execute will only exit this file, not the whole
     request.) Spotted by Cliff Rayman.
   - Added new hash %http_headers_out which can be used to set arbitrary
     HTTP headers under mod_perl _and_ in CGI mode. A "Location" header will
     automatically set the status to 301.
   - Setting HTTP headers and <META HTTP-EQUIV=..> now also works
     in CGI mode.
   - Session handling now also works in CGI mode (needs
     Apache::Session >= 1.04)
   - ACTION attribute of the form tag is now URL en/decoded. Spotted by
     Hartmut Palm.
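
The first two entries above (the CGI-mode fix and EMBPERL_ALLOW) describe two defensive rules: a CGI entry point must not let command-line arguments choose its mode or file, and it should serve only files matching an allow pattern. The following Perl sketch is an added example, not Embperl's own code; the function name `decide`, the sample paths, and reading EMBPERL_ALLOW from the environment as a Perl regular expression are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not Embperl source.
use strict;
use warnings;

# Decide how to handle a request. Returns (status, detail).
#   $env  - hashref holding the process environment
#   $argv - arrayref holding the command-line arguments received
sub decide {
    my ($env, $argv) = @_;

    # A web server running a CGI script sets GATEWAY_INTERFACE. When it is
    # present, command-line arguments may come from the query string, so
    # they are untrusted and must never select a mode or name a file.
    my $is_cgi = defined $env->{GATEWAY_INTERFACE};
    if (!$is_cgi) {
        return (400, 'usage: script file') unless @$argv;
        return (200, $argv->[0]);            # genuine command-line use
    }

    # In CGI mode the file comes only from the server's own path mapping.
    my $file = $env->{PATH_TRANSLATED};
    return (404, 'no file') unless defined $file && length $file;

    # Allow pattern (assumed: a Perl regex in the environment). Files that
    # do not match are refused with 403.
    my $allow = $env->{EMBPERL_ALLOW};
    if (defined $allow && length $allow) {
        my $re = eval { qr/$allow/ };        # reject a malformed pattern
        return (500, 'bad allow pattern') unless $re;
        return (403, 'forbidden') unless $file =~ $re;
    }
    return (200, $file);
}

# Constructed sample requests: [ environment, command-line arguments ].
my @cases = (
    [ { GATEWAY_INTERFACE => 'CGI/1.1', EMBPERL_ALLOW => '\.epl$',
        PATH_TRANSLATED => '/srv/www/site/index.epl' }, ['unrelated-file.txt'] ],
    [ { GATEWAY_INTERFACE => 'CGI/1.1', EMBPERL_ALLOW => '\.epl$',
        PATH_TRANSLATED => '/srv/www/site/notes.txt' }, [] ],
    [ {}, ['page.epl'] ],
);
for my $case (@cases) {
    my ($status, $detail) = decide(@$case);
    print "$status $detail\n";
}
```

In the first constructed case the stray argument is ignored and the mapped `.epl` file is chosen; the second is refused with 403 because it does not match the pattern; the third is ordinary command-line use.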



© 1997-2023 Gerald Richter / actevy