Package: thy
Version: 0.9.4-1
Severity: normal
According to the documentation:
* --options usercgi, -o usercgi
If one wants to allow users to run CGI applications from their
private directories, this option should be enabled.
According to the source (cgi.c line 658, function cgi_iscgi):
if (!fn && session->request->url[1] == '~' &&
config->options.usercgi == THY_BOOL_TRUE)
iscgi = 0;
First, the usercgi test is wrong, it should be
config->options.usercgi != THY_BOOL_TRUE.
Second, in my tests fn always points to the resolved pathname, so the
!fn test always fails. But I don't see why this test is relevant.
I replaced the code with the following, which seems to work correctly
here.
if (session->request->url[1] == '~' &&
config->options.usercgi != THY_BOOL_TRUE)
iscgi = 0;
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.7
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8)
Versions of packages thy depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libgnutls11 1.0.16-13.1 GNU TLS library - runtime library
ii zlib1g 1:1.2.3-4 compression library - runtime
thy recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
