Should I file a bug for this issue? I think everybody has voted on not
executing scripts, so I think we are ready for a bug.
Lars
On 22.02.2008, at 14:03, Lars Trieloff wrote:
Hi Felix,
you know my position, and I hope the vote is not yet closed,
On 21.02.2008, at 16:52, Felix Meschberger
Hi Lars,
Issue would be nice, yes.
Regards
Felix
Am Montag, den 25.02.2008, 14:11 +0100 schrieb Lars Trieloff:
Should I file a bug for this issue? I think everybody has voted on not
executing scripts, so I think we are ready for a bug.
Lars
On 22.02.2008, at 14:03, Lars Trieloff
Hi Felix,
you know my position, and I hope the vote is not yet closed,
On 21.02.2008, at 16:52, Felix Meschberger wrote:
[x] Don't ever excute directly addressed scripts
[ ] Execute if some of the selectors has a certain value
(e.g. last selector is exec)
[ ] Execute if there is
I think executing a script upon GET of a URI should only be possible
on generated (symlink or alias) URIs that are specifically configured
for that purpose and have separate access control from the URIs used
to edit/view those scripts. This follows the same practice used in
Web servers with CGI
On Thu, Feb 21, 2008 at 4:52 PM, Felix Meschberger [EMAIL PROTECTED] wrote:
... I would like to poll you opinions on this matter:
[X ] Don't ever excute directly addressed scripts
And we can add one of those options later, if we ever need them:
[ ] Execute if some of the selectors has
[x] Don't ever execute directly addressed scripts
[ ] Execute if some of the selectors has a certain value (e.g. last
selector is exec)
[ ] Execute if there is an extension
[ ] Execute unless there is a special request header (e.g. X-Sling-Exec)
--
-
Hi all,
As a side effect of the Resource tree stuff we recently implemented, it
is now possible to address server-side scripts and have them executed
without the need to create some repository node with a resource type
pointing to the script. This may be of use in certain administrative use
