#! /usr/bin/perl -wT # Remember that CGI programs have to close out the HTTP header # (with a pair of newlines), after giving the Content-type: # and any other relevant or available header information. # Unlike CGI programs running under Apache, CGI programs under Boa # should understand some simple HTTP options. The header (and the # double-newline) should not be printed if the incoming request was # in HTTP/0.9. Also, we should stop after the header if # REQUEST_METHOD == "HEAD". Under Apache, nph- programs also have # to worry about such stuff. # Feb 3, 2000 -- updated to support POST, and avoid passing # Malicious HTML Tags as described in CERT's CA-2000-02 advisory. # # 20 Aug 2002 -- Big internal changes, to support much more # than just a printout of the environment. Now the CGI can # do various, GET, isindex, and POST requests, and respond # to them as well. # 26 Sep 2002 -- Additional security paranoia by Landon Curt Noll # http://www.isthe.com/chongo/index.html # paranoia # delete $ENV{IFS}; delete $ENV{CDPATH}; delete $ENV{ENV}; delete $ENV{BASH_ENV}; #$ENV{PATH} = "/bin:/usr/bin"; $SIG{ALRM} = sub { die "\n
timeout on stdin