The URL
ftp://ftp.dev.ecos.de/pub/perl/embperl/HTML-Embperl-1.2b10.tar.gz
has entered CPAN as
file: $CPAN/authors/id/GRICHTER/HTML-Embperl-1.2b10.tar.gz
size: 251896 bytes
md5: b2f0eb3cace188fded36fdd1020b092e
Embperl is a module for embedding Perl code in HTML pages. See
http://perl.apache.org/embperl/ (english) or http://www.ecos.de/embperl/
(german) for more informations.
The importantst change in this beta release, is a securty fix for cgi mode.
If you are using Embperl as cgi, a should upgrade!
Also I have adapted Embperl to Apache::Session 1.03 which Jeff has uploaded
to CPAN. Unfortunately 1.03 contains some error so I have made an
Apache::Session 1.04.
As of this writing, Apache::Session 1.04 is still only available from
ftp://ftp.dev.ecos.de/pub/perl/embperl/Apache-Session-1.04.tar.gz
I hope Jeffery will make it soon availabe on CPAN.
This is a pre-1.2 release and contains mostly bug fixes in preparation for
the
real 1.2 release, which is hopefully the next that comes out.
I like to encourage everybody who is using Embperl, to test this version and
let me know any problems you have, so I can fix them before 1.2 goes out.
Gerald
Changes since 1.2b9:
- Fixed a great security whole in CGI mode. Because Apache passes
anything after the first '?' to the cgi script as commandline
arguments, embpexec.pl could be tricked into offline mode, where
it returned any file that is readable by the httpd! So if you are
using CGI mode, I strongly recommend to update to 1.2b10.
Now you must use embpcgi.pl instead of embpexec.pl in CGI mode.
Spotted by Jason Holt.
- Added EMBPERL_ALLOW. If the file doesn't EMBPERL_ALLOW Embperl
will return forbidden. This is primarly another security
feature, because dependig on the way you use Embperl in CGI mode,
it will not honour all Apache access restrictions. With
EMBPERL_ALLOW, you can now force it to serve only certain
files. Suggested by Jason Holt.
- Fixed a problem that had occured with magic SVs (tied scalar)
as source for the Execute function. Spotted by Todd Eigenschink.
- Embperl works now with Apache::Session 0.17, 1.02 and 1.04
(1.03 is errornous)
- Fixed a SIGSEGV that occurs when the req_rec parameter of the
Execute functions gets a Apache::Request object instead of a
Apache object, which occured due to the different ways the
Apache internal request_rec is stored inside the object.
Spotted by Francis J. Lacoste.
- Fixed a SIGSEGV that occured when outputting to a scalar and
optReturnError is set. Spotted by Francis J. Lacoste.
- Added a ; after the begin block in startup.pl, which seems had
cause a syntax error in some situations. Spotted by Oyvind Gjerstad.
- exit now works the same in offline, mod_perl and cgi mode, it
ends the execution of the page, but not the programm itself.
- exit inside a sub will now really exit the page. (but exit inside
a file called via Execute will only exit this file, not the whole
request) Spotted by Cliff Rayman.
- Added new hash %http_headers_out which could be used to set arbitary
http header under mod_perl _and_ in cgi mode. "Location" header will
automaticly set status to 301.
- setting http headers and <META HTTP-EQUIV=..> now works also
in cgi mode.
- Session Handling now also works in CGI mode (needs
Apache::Session >= 1.04)
- ACTION attribute of Formtag is now URL en/decoded. Spotted by
Hartmut Palm.
---------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
Internet - Infodatenbanken - Apache - Perl - mod_perl - Embperl
E-Mail: [EMAIL PROTECTED] Tel: +49-6133/925151
WWW: http://www.ecos.de Fax: +49-6133/925152
---------------------------------------------------------------
