Re Patch E66, which adds an IncludesYesCGInoCMD
I don't think one should have to change ones config files to allow #include
cgi scripts, as the security risk is low.
I would rather Includes and IncludesNOEXEC allow #include of cgi scripts,
and instead create a IncludesNOEXECCGI which disallowed both #cmd _and_
#include of a cgi script. I don't think many people would need to use it,
although they might use it out of paranoia.
David.
I don't think one should have to change ones config files to allow #include
cgi scripts, as the security risk is low.
I would rather Includes and IncludesNOEXEC allow #include of cgi scripts,
and instead create a IncludesNOEXECCGI which disallowed both #cmd _and_
#include of a cgi script. I don't think many people would need to use it,
although they might use it out of paranoia.
David.