The URL ftp://ftp.dev.ecos.de/pub/perl/embperl/HTML-Embperl-1.2b10.tar.gz has entered CPAN as file: $CPAN/authors/id/GRICHTER/HTML-Embperl-1.2b10.tar.gz size: 251896 bytes md5: b2f0eb3cace188fded36fdd1020b092e Embperl is a module for embedding Perl code in HTML pages. See http://perl.apache.org/embperl/ (english) or http://www.ecos.de/embperl/ (german) for more informations. The importantst change in this beta release, is a securty fix for cgi mode. If you are using Embperl as cgi, a should upgrade! Also I have adapted Embperl to Apache::Session 1.03 which Jeff has uploaded to CPAN. Unfortunately 1.03 contains some error so I have made an Apache::Session 1.04. As of this writing, Apache::Session 1.04 is still only available from ftp://ftp.dev.ecos.de/pub/perl/embperl/Apache-Session-1.04.tar.gz I hope Jeffery will make it soon availabe on CPAN. This is a pre-1.2 release and contains mostly bug fixes in preparation for the real 1.2 release, which is hopefully the next that comes out. I like to encourage everybody who is using Embperl, to test this version and let me know any problems you have, so I can fix them before 1.2 goes out. Gerald Changes since 1.2b9: - Fixed a great security whole in CGI mode. Because Apache passes anything after the first '?' to the cgi script as commandline arguments, embpexec.pl could be tricked into offline mode, where it returned any file that is readable by the httpd! So if you are using CGI mode, I strongly recommend to update to 1.2b10. Now you must use embpcgi.pl instead of embpexec.pl in CGI mode. Spotted by Jason Holt. - Added EMBPERL_ALLOW. If the file doesn't EMBPERL_ALLOW Embperl will return forbidden. This is primarly another security feature, because dependig on the way you use Embperl in CGI mode, it will not honour all Apache access restrictions. With EMBPERL_ALLOW, you can now force it to serve only certain files. Suggested by Jason Holt. - Fixed a problem that had occured with magic SVs (tied scalar) as source for the Execute function. Spotted by Todd Eigenschink. - Embperl works now with Apache::Session 0.17, 1.02 and 1.04 (1.03 is errornous) - Fixed a SIGSEGV that occurs when the req_rec parameter of the Execute functions gets a Apache::Request object instead of a Apache object, which occured due to the different ways the Apache internal request_rec is stored inside the object. Spotted by Francis J. Lacoste. - Fixed a SIGSEGV that occured when outputting to a scalar and optReturnError is set. Spotted by Francis J. Lacoste. - Added a ; after the begin block in startup.pl, which seems had cause a syntax error in some situations. Spotted by Oyvind Gjerstad. - exit now works the same in offline, mod_perl and cgi mode, it ends the execution of the page, but not the programm itself. - exit inside a sub will now really exit the page. (but exit inside a file called via Execute will only exit this file, not the whole request) Spotted by Cliff Rayman. - Added new hash %http_headers_out which could be used to set arbitary http header under mod_perl _and_ in cgi mode. "Location" header will automaticly set status to 301. - setting http headers and <META HTTP-EQUIV=..> now works also in cgi mode. - Session Handling now also works in CGI mode (needs Apache::Session >= 1.04) - ACTION attribute of Formtag is now URL en/decoded. Spotted by Hartmut Palm. --------------------------------------------------------------- Gerald Richter ecos electronic communication services gmbh Internet - Infodatenbanken - Apache - Perl - mod_perl - Embperl E-Mail: [EMAIL PROTECTED] Tel: +49-6133/925151 WWW: http://www.ecos.de Fax: +49-6133/925152 ---------------------------------------------------------------