Re: CGI/1.1 draft
robm@ncsa.uiuc.edu (Rob McCool)
Errors-To: listmaster@www0.cern.ch
Date: Thu, 17 Mar 1994 15:28:30 --100
Message-id: <9403171422.AA09321@void.ncsa.uiuc.edu>
Reply-To: robm@ncsa.uiuc.edu
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: robm@ncsa.uiuc.edu (Rob McCool)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: CGI/1.1 draft
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 1621
/*
* Re: CGI/1.1 draft by George Phillips (Tel (604)-822-4230)
* written on Mar 16, 1:23pm.
*
* >I don't agree. I think that with dummy inputs available in forms, we can
* >finally move away from using PATH_INFO to convey state information to
* >scripts and go back to using them for their intended purpose: To allow
* >scripts to access the server's virtual->physical translation and access
* >authorization for auxiliary files. If you're using filenames in PATH_INFO
* >then you don't have to escape the information, and if you have it as dummy
* >inputs in a form then your data is already escaped anyway.
*
* I agree that PATH_INFO is not the right place for user input, but
* PATH_INFO is something generated by the script for use by the script.
* The server shouldn't be touching it. It shouldn't even have any
* idea if % or some other escaping is done on the information there.
* As long as there are no bad characters in it, it just doesn't matter.
But it does touch it... it has to make PATH_TRANSLATED.
* I certainly don't agree with your idea of the intended purpose of
* CGI scripts. I use them all the time for dynamically translating
* data into browser-understandable formats (like HTML). Input
* forms and searches are just one possible use.
*/
I didn't say anything about the purpose of CGI scripts. I said something
about the intended purpose of PATH_INFO. I use CGI for much more than forms
too, and in the future these other uses will become very important. I just
don't think that having binary data in PATH_INFO is either a good idea or
a necessary action.
--Rob
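
The point argued above, that the server has to read PATH_INFO in order to build PATH_TRANSLATED and so cannot treat it as opaque or binary data, is sketched below as an added example; it is not part of the original message and is not NCSA httpd code. The document root, the function name and the exact rejection rules are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes

DOC_ROOT = "/srv/www"  # constructed document root (assumption for this example)


class BadPathInfo(ValueError):
    """The extra path cannot be turned into a safe PATH_TRANSLATED."""


def translate_path_info(raw_extra_path, doc_root=DOC_ROOT):
    """Return (PATH_INFO, PATH_TRANSLATED) for the URL text after the script name.

    raw_extra_path is the still percent-encoded part of the request path,
    e.g. "/docs/a%20b.txt" from /cgi-bin/view/docs/a%20b.txt.
    """
    if raw_extra_path == "":
        return "", None  # no extra path, so nothing to translate
    if not raw_extra_path.startswith("/"):
        raise BadPathInfo("extra path must start with '/'")

    # The server must decode the escapes itself: the file system knows
    # nothing about %XX, so the translation works on the decoded bytes.
    decoded = unquote_to_bytes(raw_extra_path)

    # Control bytes (NUL included) and 8-bit bytes are the "binary data"
    # case: they cannot be mapped to a file name reliably, so refuse them.
    if any(b < 0x20 or b >= 0x7F for b in decoded):
        raise BadPathInfo("control or binary byte in extra path")
    path_info = decoded.decode("ascii")

    # Check ".." after decoding, otherwise %2e%2e slips past the test.
    if ".." in path_info.split("/"):
        raise BadPathInfo("parent-directory segment in extra path")

    # Virtual-to-physical translation: here a plain join under the root.
    root = posixpath.normpath(doc_root)
    translated = posixpath.normpath(posixpath.join(root, path_info.lstrip("/")))
    if translated != root and not translated.startswith(root + "/"):
        raise BadPathInfo("translated path leaves the document root")
    return path_info, translated


if __name__ == "__main__":
    for sample in ("/docs/a%20b.txt", "/%2e%2e/etc/passwd", "/img%00.gif"):
        try:
            print(sample, "->", translate_path_info(sample))
        except BadPathInfo as err:
            print(sample, "-> rejected:", err)
```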