209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
|
+
|
FOSSIL_NONCE environment variable.
<h3>3.1 Input Content</h3>
If the HTTP request includes content (for example if this is a POST request)
then the CONTENT_LENGTH value will be positive and the data for the content
will be readable on standard input.
<h2>4.0 CGI Outputs</h2>
CGI programs construct a reply by writing to standard output. The first
few lines of output are parameters intended for the web server that invoked
the CGI. These are followed by a blank line and then the content.
|
254
255
256
257
258
259
260
261
262
263
264
265
266
267
|
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
|
+
+
+
+
+
+
+
+
+
+
+
+
|
then Fossil will adds its own header and footer to the HTML. The
page title contained in the added header will be extracted from the
"data-title" attribute.
Except for the three cases noted above, Fossil makes no changes or
additions to the CGI-generated content. Fossil just passes the verbatim
content back up the stack towards the requester.
<h3>4.1 <tt>GATEWAY_INTERFACE</tt> and Recursive Calls to fossil</h3>
Like many CGI-aware applications, if fossil sees the environment
variable <tt>GATEWAY_INTERFACE</tt> when it starts up, it assumes it
is running in a CGI environment and behaves differently than when it
is run in a non-CGI interactive session. If you intend to run fossil
itself from within an extension CGI script, e.g. to run a query
against the repository or simply fetch the fossil binary version, make
sure to <em>unset</em> the <tt>GATEWAY_INTERFACE</tt> environment
variable before doing so, otherwise the invocation will behave as if
it's being run in CGI mode.
<h2>5.0 Filename Restrictions</h2>
For security reasons, Fossil places restrictions on the names of files
in the extroot directory that can participate in the extension CGI
mechanism:
|