This might amuse the group; an example of why allowing allowing PATH_INFO is
bad for server-side includes:
The file /webroot/test.shtml contains
Hello <p>
<!-- #include virtual="msg.txt" -->
What happens when I access http://server/test.shtml/wibble ?
I get
Hello <p>
then it tries to include msg.txt, relative to /test.shtml/wibble ; this
is of course /test.shtml/msg.txt, so it includes itself! The output is
a long list like
Hello <p>
Hello <p>
Hello <p>
fortunately, it gives up after a while.
Ho hum.
David.
bad for server-side includes:
The file /webroot/test.shtml contains
Hello <p>
<!-- #include virtual="msg.txt" -->
What happens when I access http://server/test.shtml/wibble ?
I get
Hello <p>
then it tries to include msg.txt, relative to /test.shtml/wibble ; this
is of course /test.shtml/msg.txt, so it includes itself! The output is
a long list like
Hello <p>
Hello <p>
Hello <p>
fortunately, it gives up after a while.
Ho hum.
David.