This, and windows CGI code disclosure - and I release 1.39. CGI code disclosure is really, really nasty.
SHTTPD recognize CGIs by file extension. If user requests a file "http://server/a.cgi%20";, i.e. with trailing space, SHTTPD does not treat it as CGI - obviously. But very annoying fact is that windows happily opens "a.cgi" even if "a.cgi " (with trailing space) is given. So fopen("a.txt ", "r") on Windows opens "a.txt". This is crazy, I would like to beat those bastards. What a retards. On Feb 13, 2008 9:00 PM, Sergey Lyubka <[EMAIL PROTECTED]> wrote: > >One thing, just in case, the current directory is not necessarily the > directory where the program is located. > > Makes sense. Will do it. > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ shttpd-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shttpd-general
