[5145] in www-talk@info.cern.ch


Bug or Security Feature in Server reply?

daemon@ATHENA.MIT.EDU (Frank Majewski)
Thu Aug 11 04:40:12 1994

Date: Thu, 11 Aug 1994 10:35:45 +0200
Errors-To: listmaster@www0.cern.ch
Reply-To: fmajewsk@awi-bremerhaven.de
From: fmajewsk@awi-bremerhaven.de (Frank Majewski)
To: Multiple recipients of list <www-talk@www0.cern.ch>

Hi,

I don't know if this is the right place....

I have written a CGI-script (at server-side, of course) which will answer 
*WHERE* the client can find some files at its *LOCAL* side 
(YES, this seems to be undelightful: WHY does a client have to ask the 
server (which is not a "file"-server ;-)) where to find a file at local
side? 
Well, because *REGARDING* to FORMS we don't have possibilities to
exec a local script (shipped with the right parameter) at the client side...)
:-((

The CGI-script returns an on_the_fly HTML with something like this:

 <IMG ALIGN=MIDDLE ALT="the_local_GIF" SRC="file://localhost/../All_Pics/12.gif">

which should mean something like: go up one level of your current directory and
down to 'All_Pics' at your side (CD) 

Passing this kind of HTML-code causes two tested clients (XMosaic 2.4 & MacWeb)
to look at server's URL (ie. its CGI-BIN-dir) for the file(s)!

You might say: "That's to be expected, because the action-URL in the FORM becomes
the actual matching MAIN-URL!" but in my opinion this is a failure because *after*
starting the form you are not at server side any more but at client side (the 
transmission has successfully ended), aren't you?

BTW: Saving the requested document and reloading it locally will work as supposed...


Any comments?


Frank Majewski
fmajewsk@awi-bremerhaven.de
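
Added example (not part of the original message): how a client with a current WHATWG URL parser, here Node.js, resolves the SRC value from the message and a relative variant, first against the form's action URL and then against a locally saved copy. The host www.example.org, the script name find.cgi and the saved-copy path are constructed placeholders; the 1994 clients named in the message may have resolved these references differently.

```javascript
// Constructed sample values (hypothetical host, script name and local path).
const FORM_ACTION_URL = 'http://www.example.org/cgi-bin/find.cgi';
const SAVED_COPY_URL = 'file:///home/user/cd/html/result.html';

// Resolve one SRC/HREF value against the URL the document was loaded from
// and report where the resulting fetch would go.
function resolveReference(ref, documentUrl) {
  const base = new URL(documentUrl);
  const target = new URL(ref, base); // absolute refs ignore the base
  const isLocal = target.protocol === 'file:';
  return {
    ref,
    href: target.href,
    location: isLocal ? 'client-filesystem' : 'server',
    // A document delivered over the network that points into the local
    // filesystem: the case a client must decide whether to permit.
    remoteToLocal: base.protocol !== 'file:' && isLocal,
  };
}

// Pull every quoted SRC/HREF value out of an HTML fragment and resolve it.
function auditReferences(html, documentUrl) {
  const attr = /\b(?:SRC|HREF)\s*=\s*"([^"]*)"/gi;
  return [...html.matchAll(attr)].map((m) => resolveReference(m[1], documentUrl));
}

// Constructed CGI output: the tag from the message plus a relative variant.
const CGI_OUTPUT = `
<IMG ALIGN=MIDDLE ALT="the_local_GIF" SRC="file://localhost/../All_Pics/12.gif">
<IMG ALIGN=MIDDLE ALT="relative_GIF" SRC="../All_Pics/12.gif">
`;

for (const [label, docUrl] of [
  ['served by the CGI script', FORM_ACTION_URL],
  ['saved and reloaded locally', SAVED_COPY_URL],
]) {
  console.log(`Document ${label}: ${docUrl}`);
  for (const r of auditReferences(CGI_OUTPUT, docUrl)) {
    const flag = r.remoteToLocal ? '  [remote page -> local file]' : '';
    console.log(`  ${r.ref}\n    -> ${r.href} (${r.location})${flag}`);
  }
}
```

In this parser the absolute file: reference never depends on the document's location and its leading ".." is dropped at the filesystem root, while the relative reference follows whichever URL the document was loaded from.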
