File: README.Debian

package info (click to toggle)
cgiemail 1.6-36
  • links: PTS
  • area: main
  • in suites: squeeze
  • size: 348 kB
  • ctags: 113
  • sloc: ansic: 1,528; makefile: 134; sh: 34
file content (53 lines) | stat: -rw-r--r-- 2,303 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
README.Debian

Read this file before README.gz!

If you are installing cgiemail for the first time, it will be useful to
know that cgiemail works by filling out a template with information from
a web form.  These are the templates which are talked about later in
this document.

To preserve backward compatibility in fixing a script-reading security
hole, cgiemail will now work in either of two different modes.  In the
first, it acts just as it did before, which means that THE SECURITY HOLE
WILL REMAIN OPEN, and that you can just read README.gz and skip the rest
of this file.  

The second mode, in which the security vulnerability is fixed, is
triggered by the presence of the file /etc/cgiemail.conf.  That file
should contain only a line that looks something like this:

templatedir="/var/www/templates/"

(if the file cannot be parsed by cgiemail, or if the named directory
does not exist, no templates will be usable; this is a feature).  The
quotes are important.  Only one directory may be named, which is not a
feature but a bug.

The directory named in the configuration file must be accessible via the
web.  The only difference from cgiemail's behavior as described in
README.gz is that, rather than any web-accessible place, you must put
e-mail templates in this special directory.

To test:
 * Make sure that you have a correctly-formatted /etc/cgiemail.conf, and
   that the directory that is mentioned therein is web-accessible.
 * Copy /usr/share/doc/cgiemail/examples/testce.txt into that directory.
 * Copy /usr/share/doc/cgiemail/examples/testce.html into some
   web-accessible directory.  Mess with line 16 of that file so that the
   portion of the FORM action after "/cgi-bin/cgiemail" is the
   web-visible path to testce.txt.  For example,
   action="/cgi-bin/cgiemail/templates/testce.txt".
 * Access testce.html using the web.  Fill out the form and submit it.
   It should work.

If you have trouble, read README.gz and see if you still have trouble.  If you
do still have trouble, please try using the help resources that are named on
the cgiemail home page, <http://web.mit.edu/wwwdev/cgiemail/index.html>, before
you flood me with e-mails.

Have a nice day.
--
Thomas Smith <tgs@debian.org>

New Debian maintener: Anibal Monsalve Salazar <A.Monsalve.Salazar@IEEE.org>