Looks like someone found another bug in sh-httpd:
http://lists.netsys.com/pipermail/full-disclosure/2003-October/012776.html

The first 2 chunks of the patch supplied look OK, although I have not personally tested them. The third (and last) chunk of the patch should probably be tweaked to the following (again, not actually tested):

@@ -292,7 +292,7 @@
        fi

-       DIR="`dname $URL`"
+       DIR="`dname \"$URL\"`"
-       FILE="`bname $URL`"
+       FILE="`bname \"$URL\"`"
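
Review bot: The `\"$URL\"` quoting on the DIR and FILE lines only protects the argument at the call site. The bodies of `dname` and `bname` are not part of this hunk, so confirm that they also quote their parameter (for example `"$1"`); otherwise a URL containing whitespace or glob characters is split or expanded again inside the helper. Escaped double quotes inside backticks that are themselves inside double quotes are not handled identically by every Bourne-style shell, and the change is marked untested, so run it under the shell sh-httpd actually uses with a request path containing a space and a `*` before it ships. If that shell supports it, `$(dname "$URL")` avoids the backslash escaping altogether.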

Note that this bug is not a serious security issue if you have not allowed external internet access to the weblet server (blocked by default in all LEAF variants, so you'd have to explicitly enable access).

Bering team: This should probably get fixed (and tested) for the next update of Bering (I'm not planning on updating Dachstein). I can make the updates, if desired, but I'm not sure if the weblet package provided with Bering is the same I shipped with Dachstein, or if modifications have been made to the web content (seems likely) and/or sh-httpd server (i.e.: using the version patched for POST support).

--
Charles Steinkuehler
[EMAIL PROTECTED]





_______________________________________________
leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
