MESSAGE
| DATE | 2013-03-22 |
| FROM | Elfen Magix
|
| SUBJECT | Re: [NYLXS - HANGOUT] yabb
|
From owner-hangout-outgoing-at-mrbrklyn.com Fri Mar 22 14:44:19 2013
Return-Path:
X-Original-To: archive-at-mrbrklyn.com
Delivered-To: archive-at-mrbrklyn.com
Received: by mrbrklyn.com (Postfix)
id 6B318161CAA; Fri, 22 Mar 2013 14:44:19 -0400 (EDT)
Delivered-To: hangout-outgoing-at-mrbrklyn.com
Received: by mrbrklyn.com (Postfix, from userid 28)
id 589B8161CAC; Fri, 22 Mar 2013 14:44:19 -0400 (EDT)
Delivered-To: hangout-at-mrbrklyn.com
Received: from nm13-vm4.bullet.mail.ne1.yahoo.com (nm13-vm4.bullet.mail.ne1.yahoo.com [98.138.91.173])
by mrbrklyn.com (Postfix) with ESMTP id 837BC161CAA
for ; Fri, 22 Mar 2013 14:44:18 -0400 (EDT)
Received: from [98.138.90.49] by nm13.bullet.mail.ne1.yahoo.com with NNFMP; 22 Mar 2013 18:44:17 -0000
Received: from [98.138.89.246] by tm2.bullet.mail.ne1.yahoo.com with NNFMP; 22 Mar 2013 18:44:17 -0000
Received: from [127.0.0.1] by omp1060.mail.ne1.yahoo.com with NNFMP; 22 Mar 2013 18:44:17 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 278646.19278.bm-at-omp1060.mail.ne1.yahoo.com
Received: (qmail 76615 invoked by uid 60001); 22 Mar 2013 18:44:17 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1363977857; bh=A68/BW7ZY7nKNSg6CFfmH9ioV7ViY/iJ2b6hNwTtE5c=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=x6ouoPvhNYveV3CzGNJFpG9ttE1xVPPElksctO7/rI8fwHNU0Asf9AD61TqZPwPdGFnJIPKnBADmo8lAoRvuFY0NuvH0fu6HDHv/VdPABy3f3kC5lH+x4LL24xZ8LubKQOojcErZqoQMU3W7mWYEKu0eCGLQ2NW8uGCbikKNm4k=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
b=fCruoKIzuwZgXjijokotMF/QXP3UWCcSriRJ7afYyAhJ8Uibu1/9ICOlG6VdM0vh4M7IMfvc4RG51wL4gSecLoPPFLdQuUMJwnXULptHFbfG272rnwL1RsYcyrTdaVLNpOqjgy68bDSrMfSJINOQxo8iwDf3FI2HdYgw8ZITdkQ=;
X-YMail-OSG: SE_RR2oVM1loa_jHKqD04e_D28C_3nf1qbNlCgJzJJEAq.Y
KPFILGQbgIktmWAc19qCasIGZevBnN_7lQfHSo04HqZ4Db5ZpdMF9kwYa_Dz
G_jp7HdXCVxHLxiont0PRbeu0L_YMJB0my0YXHI8BQuoVYThOsttO1mfWH_Y
pk2rhYvdYnKGHXDUA6BnNQFi0XDB5yfDYibF_LaaRy8XFe76OuP_mZDDHiL4
wQ1d9A9LLt7mgQ8Flvs6ePOX_ilShCIxnatS63911MSKKey54Alo74jZTDL1
KU5_snEXJEs7mO1IuTjaXny7H30iif4uo8Yor0FzI_l313QQMepgAg_vd5tD
52qV5ZzR1YJ0QnzWFTb_MiIJehB0siLmqLYO2i_suwhrPJMeE5Cnjk4y.8Km
oaIuBV1k2D3PZXuuN37Z5ESK1Sy7uw.drgxR6vy29lFjQt57mojBmL8Q4R9R
bSX2DnNadk5qv0fYbpCik_ZyQ9.ZKG27ugLR3vGj5j.uGHkeBoLDHCdCyAf8
GxueKa_RUj.5LcDPSR7e2wGWF9HBxmgXFV5yXv1fJzhuSfettSuUdFeGwGT7
3Fp48AGhC2.RJOuFkk6xn25bn96cNz.1c6l._F3ugiipCPTdtXACrVOYF4DX
dlS604hv50F1CXl0rSHMjx_vkVn5KMuquoJwon_mBC4MsxjwLwIfh4ODXG1J
lk87JmExbrhGaIRNUMjbjOGNWgSM6imHx7wJMB6LNF2Jo98V.Vh.feZ96Opf
ZMXpLF1SQb9.hVbOBVYooX9GNBPMYcVaPQzjZgnOUF4loYpI4zZ2BJKYZ8qP
3ST4ip_X1e6xAqConzDBS93VD
Received: from [65.88.88.63] by web120103.mail.ne1.yahoo.com via HTTP; Fri, 22 Mar 2013 11:44:16 PDT
X-Rocket-MIMEInfo: 002.001,SWYgeW91IHdhbnQgTW9kIFJld3JpdGUgUnVsZXMsIHlvdSBhcmUgZ29pbmcgdG8gbmVlZCB0byBrbm93IHdoZXJlIHRoZSBmaWxlcyBhcmUuDQpUbyBzb3J0IHRoaXMgY3JhemluZXNzIG91dCB5b3UgaGF2ZSB0byBmaWd1cmUgd2hlcmUgdGhlIGJvYXJkIGFyZS4gVGhhdCBpcyBpbiBjZ2ktYmluL0JvYXJkcy5odHRwOi8vd3d3LmhvbmRvc2Fja2V0dC5jb20veWFiYi9ZYUJCLnBsP2JvYXJkPXNpZ25wb3N0DQpCdXQgdGhlIHRocmVhZHMgYXJlIGxpc3RlZCBieSBkYXRlIGNyZWF0ZWQgaW4gZWFjaCBib2FyZCABMAEBAQE-
X-Mailer: YahooMailClassic/15.1.7 YahooMailWebService/0.8.138.524
Message-ID: <1363977856.71992.YahooMailClassic-at-web120103.mail.ne1.yahoo.com>
Date: Fri, 22 Mar 2013 11:44:16 -0700 (PDT)
From: Elfen Magix
Subject: Re: [NYLXS - HANGOUT] yabb
To: hangout-at-mrbrklyn.com
In-Reply-To: <20130320150344.GA2137-at-panix.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-955686164-1605772490-1363977856=:71992"
Sender: owner-hangout-at-mrbrklyn.com
Precedence: bulk
Reply-To: hangout-at-mrbrklyn.com
---955686164-1605772490-1363977856=:71992
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
If you want Mod Rewrite Rules, you are going to need to know where the file=
s are.
To sort this craziness out you have to figure where the board are. That is =
in cgi-bin/Boards.http://www.hondosackett.com/yabb/YaBB.pl?board=3Dsignpost
But the threads are listed by date created in each board file in the Boards=
Directory. Adding to the insanity, the threads are in their own directory/=
folder called "Messages" and there are two files to go with it - the .txt f=
ile which is the actual thread and the .ctb which is an index of that file =
(who started it, when, what permissions are allowed, etc.) and keeps track =
of the thread added posts.
Within Yabb, all this is figured out with several perl files, including Yab=
b.pl.
To do a simple rewrite mod for YaBB, you need to convert from the cgi-bin t=
o without it.I'm guessing it would be:RewriteRule ^cgi-bin/YaBB.pl$ YaBB=
/$Dont count on it for it may look like it, it is not the answer.See: http:=
//httpd.apache.org/docs/2.0/misc/rewriteguide.htmland: http://httpd.apache.=
org/docs/current/mod/mod_rewrite.html- and search 'cgi' within the document=
s.
--- On Wed, 3/20/13, Ruben Safir wrote:
From: Ruben Safir
Subject: Re: [NYLXS - HANGOUT] yabb
To: hangout-at-mrbrklyn.com
Date: Wednesday, March 20, 2013, 11:03 AM
On Wed, Mar 20, 2013 at 09:38:30AM -0400, David Sugar wrote:
> Isn't this what the existing apache uri rewrite rules/module is also norm=
ally
> used for, to do translations between uri paths and cgi arguments?=A0 I re=
call
> mediawiki can use rewrite rules to normalize document paths to feed the c=
ore
> app.=A0 Why do they have/want to do it differently than anyone else has?
> Doing it as a kind of redirect just seems bizaare to me.=A0 But I have he=
ard
> equally bizzare things recently, like people insisting that file managers
> should now only present case insensitive file ordering, when of course th=
e
> native file system is and always have been case sensitive...
I'd have to look at the specifics of what your refering to, but while in
the Pharmacy, the essential difference would be regular expression
mapping wbich would be a fairly large security hole for a standard
setup, or any set up with usage of an .htaccess file.=A0 It would allow
for anyone to inject anything at all into cgi as a get statement.=20
Ruben
>=20
> Ruben Safir wrote:
>=20
> > This is an example of something that is just a PIA to churn through,
> > partly because these idiots are splicing an ISII crapolla fix into
> > their "documentations", and secondly because assume your sitting on
> > someone elses webserver, rather than your own, and thirdly because=20
> > they believe that your apache set up has a rather rare and somewhat
> > insecure module installed for RedirectMatchUrl, and then ...
> >=20
> > their last instruction fails to identify what the hell the code is
> > for!=A0 Is it httpd.conf?=A0 Is it perl code to drop into the applicati=
on?
> >=20
> > The who concept is to redirect a static uri like
> >=20
> > http://www.myuri.com/messages/some_numbers_as_arguments
> >=20
> > to their cgi engine automaticaly, to be translated to look
> > internally as something like this:
> >=20
> >=A0=20
> > http://www.myuri.com/cgi-bin/yabb.pl?some_numbers_as_arguments
> >=20
> >=20
> > It would be just simpler to drop down to mod_perl and add it as a
> > script into the apache calls under the URI of=20
> >=20
> > http://www.myuri.com/messages/=20
> >=20
> > and be done with it....
> >=20
> > The whole discussion of symbolic links to directories is just confussin=
g
> > the issue.=A0 There doesn't need to be any real directory when the serv=
er
> > is picking up that uri and handling it entirely within the apache
> > engine.
> >=20
> > Ruben
> >=20
---955686164-1605772490-1363977856=:71992
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
top" style=3D"font: inherit;">If you want Mod Rewrite Rules, you are going =
to need to know where the files are.
To sort this crazin= ess out you have to figure where the board are. That is in cgi-bin/Boards.<= /div> http://www.hondosackett.com/yabb/YaBB.pl?board=3Dsignpost iv>
But the threads are listed by date created in each board =
file in the Boards Directory. Adding to the insanity, the threads are in th=
eir own directory/folder called "Messages" and there are two files to go wi=
th it - the .txt file which is the actual thread and the .ctb which is an i=
ndex of that file (who started it, when, what permissions are allowed, etc.=
) and keeps track of the thread added posts.
Withi=
n Yabb, all this is figured out with several perl files, including Yabb.pl.=
To do a simple rewrite mod for YaBB, you need to
convert from the cgi-bin to without it. I'm guessing it would be=
: RewriteRule ^cgi-bin/YaBB.pl$ YaBB/$ Dont cou=
nt on it for it may look like it, it is not the answer. See: http=
://httpd.apache.org/docs/2.0/misc/rewriteguide.html and: http://h=
ttpd.apache.org/docs/current/mod/mod_rewrite.html - and search 'c=
gi' within the documents.
--- On Wed, 3/2=
0/13, Ruben Safir <mrbrklyn-at-panix.com> wrote: te style=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padd=
ing-left: 5px;">
From: Ruben Safir <mrbrklyn-at-panix.com>
Subject=
: Re: [NYLXS - HANGOUT] yabb
To: hangout-at-mrbrklyn.com
Date: Wednesday=
, March 20, 2013, 11:03 AM
On Wed, Mar 20, = 2013 at 09:38:30AM -0400, David Sugar wrote: > Isn't this what the ex= isting apache uri rewrite rules/module is also normally > used for, to do translations between uri paths and cgi arguments? I recal= l > mediawiki can use rewrite rules to normalize document paths to fe= ed the core > app. Why do they have/want to do it differently t= han anyone else has? > Doing it as a kind of redirect just seems biza= are to me. But I have heard > equally bizzare things recently, = like people insisting that file managers > should now only present ca= se insensitive file ordering, when of course the > native file system= is and always have been case sensitive... I'd have to look at the s= pecifics of what your refering to, but while in the Pharmacy, the essent= ial difference would be regular expression mapping wbich would be a fair= ly large security hole for a standard setup, or any set up with usage of= an .htaccess file. It would allow for anyone to inject anything a= t all into cgi as a get statement. Ruben > > Ruben Safir wrote: > > > This is an example of so= mething that is just a PIA to churn through, > > partly because th= ese idiots are splicing an ISII crapolla fix into > > their "docum= entations", and secondly because assume your sitting on > > someon= e elses webserver, rather than your own, and thirdly because > > = they believe that your apache set up has a rather rare and somewhat >= > insecure module installed for RedirectMatchUrl, and then ... > = > > > their last instruction fails to identify what the hell t= he code is > > for! Is it httpd.conf? Is it perl code = to drop into the application? > > > > The who concept is= to redirect a static uri like > > > > /www.myuri.com/messages/some_numbers_as_arguments" target=3D"_blank">http:/=
/www.myuri.com/messages/some_numbers_as_arguments> > > > to their cgi engine automaticaly, to be translated to look r>> > internally as something like this:
> >
> >&n=
bsp;
> > bers_as_arguments" target=3D"_blank">http://www.myuri.com/cgi-bin/yabb.pl?s=
ome_numbers_as_arguments
> >
> >
> > It wo=
uld be just simpler to drop down to mod_perl and add it as a
> > s=
cript into the apache calls under the URI of
> >
> > href=3D"http://www.myuri.com/messages/" target=3D"_blank">http://www.myuri=
.com/messages/
> >
> > and be done with it....
&=
gt; >
> > The whole discussion of symbolic links to directorie=
s is just confussing
> > the issue. There doesn't need to be=
any real directory when the server
> > is picking up that uri and=
handling it entirely within the apache
> > engine.
> >
> > Ruben
> >
| table>
---955686164-1605772490-1363977856=:71992--
---955686164-1605772490-1363977856=:71992
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
If you want Mod Rewrite Rules, you are going to need to know where the file=
s are.
To sort this craziness out you have to figure where the board are. That is =
in cgi-bin/Boards.http://www.hondosackett.com/yabb/YaBB.pl?board=3Dsignpost
But the threads are listed by date created in each board file in the Boards=
Directory. Adding to the insanity, the threads are in their own directory/=
folder called "Messages" and there are two files to go with it - the .txt f=
ile which is the actual thread and the .ctb which is an index of that file =
(who started it, when, what permissions are allowed, etc.) and keeps track =
of the thread added posts.
Within Yabb, all this is figured out with several perl files, including Yab=
b.pl.
To do a simple rewrite mod for YaBB, you need to convert from the cgi-bin t=
o without it.I'm guessing it would be:RewriteRule ^cgi-bin/YaBB.pl$ YaBB=
/$Dont count on it for it may look like it, it is not the answer.See: http:=
//httpd.apache.org/docs/2.0/misc/rewriteguide.htmland: http://httpd.apache.=
org/docs/current/mod/mod_rewrite.html- and search 'cgi' within the document=
s.
--- On Wed, 3/20/13, Ruben Safir wrote:
From: Ruben Safir
Subject: Re: [NYLXS - HANGOUT] yabb
To: hangout-at-mrbrklyn.com
Date: Wednesday, March 20, 2013, 11:03 AM
On Wed, Mar 20, 2013 at 09:38:30AM -0400, David Sugar wrote:
> Isn't this what the existing apache uri rewrite rules/module is also norm=
ally
> used for, to do translations between uri paths and cgi arguments?=A0 I re=
call
> mediawiki can use rewrite rules to normalize document paths to feed the c=
ore
> app.=A0 Why do they have/want to do it differently than anyone else has?
> Doing it as a kind of redirect just seems bizaare to me.=A0 But I have he=
ard
> equally bizzare things recently, like people insisting that file managers
> should now only present case insensitive file ordering, when of course th=
e
> native file system is and always have been case sensitive...
I'd have to look at the specifics of what your refering to, but while in
the Pharmacy, the essential difference would be regular expression
mapping wbich would be a fairly large security hole for a standard
setup, or any set up with usage of an .htaccess file.=A0 It would allow
for anyone to inject anything at all into cgi as a get statement.=20
Ruben
>=20
> Ruben Safir wrote:
>=20
> > This is an example of something that is just a PIA to churn through,
> > partly because these idiots are splicing an ISII crapolla fix into
> > their "documentations", and secondly because assume your sitting on
> > someone elses webserver, rather than your own, and thirdly because=20
> > they believe that your apache set up has a rather rare and somewhat
> > insecure module installed for RedirectMatchUrl, and then ...
> >=20
> > their last instruction fails to identify what the hell the code is
> > for!=A0 Is it httpd.conf?=A0 Is it perl code to drop into the applicati=
on?
> >=20
> > The who concept is to redirect a static uri like
> >=20
> > http://www.myuri.com/messages/some_numbers_as_arguments
> >=20
> > to their cgi engine automaticaly, to be translated to look
> > internally as something like this:
> >=20
> >=A0=20
> > http://www.myuri.com/cgi-bin/yabb.pl?some_numbers_as_arguments
> >=20
> >=20
> > It would be just simpler to drop down to mod_perl and add it as a
> > script into the apache calls under the URI of=20
> >=20
> > http://www.myuri.com/messages/=20
> >=20
> > and be done with it....
> >=20
> > The whole discussion of symbolic links to directories is just confussin=
g
> > the issue.=A0 There doesn't need to be any real directory when the serv=
er
> > is picking up that uri and handling it entirely within the apache
> > engine.
> >=20
> > Ruben
> >=20
---955686164-1605772490-1363977856=:71992
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
top" style=3D"font: inherit;">If you want Mod Rewrite Rules, you are going =
to need to know where the files are.
To sort this crazin= ess out you have to figure where the board are. That is in cgi-bin/Boards.<= /div> http://www.hondosackett.com/yabb/YaBB.pl?board=3Dsignpost iv>
But the threads are listed by date created in each board =
file in the Boards Directory. Adding to the insanity, the threads are in th=
eir own directory/folder called "Messages" and there are two files to go wi=
th it - the .txt file which is the actual thread and the .ctb which is an i=
ndex of that file (who started it, when, what permissions are allowed, etc.=
) and keeps track of the thread added posts.
Withi=
n Yabb, all this is figured out with several perl files, including Yabb.pl.=
To do a simple rewrite mod for YaBB, you need to
convert from the cgi-bin to without it. I'm guessing it would be=
: RewriteRule ^cgi-bin/YaBB.pl$ YaBB/$ Dont cou=
nt on it for it may look like it, it is not the answer. See: http=
://httpd.apache.org/docs/2.0/misc/rewriteguide.html and: http://h=
ttpd.apache.org/docs/current/mod/mod_rewrite.html - and search 'c=
gi' within the documents.
--- On Wed, 3/2=
0/13, Ruben Safir <mrbrklyn-at-panix.com> wrote: te style=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padd=
ing-left: 5px;">
From: Ruben Safir <mrbrklyn-at-panix.com>
Subject=
: Re: [NYLXS - HANGOUT] yabb
To: hangout-at-mrbrklyn.com
Date: Wednesday=
, March 20, 2013, 11:03 AM
On Wed, Mar 20, = 2013 at 09:38:30AM -0400, David Sugar wrote: > Isn't this what the ex= isting apache uri rewrite rules/module is also normally > used for, to do translations between uri paths and cgi arguments? I recal= l > mediawiki can use rewrite rules to normalize document paths to fe= ed the core > app. Why do they have/want to do it differently t= han anyone else has? > Doing it as a kind of redirect just seems biza= are to me. But I have heard > equally bizzare things recently, = like people insisting that file managers > should now only present ca= se insensitive file ordering, when of course the > native file system= is and always have been case sensitive... I'd have to look at the s= pecifics of what your refering to, but while in the Pharmacy, the essent= ial difference would be regular expression mapping wbich would be a fair= ly large security hole for a standard setup, or any set up with usage of= an .htaccess file. It would allow for anyone to inject anything a= t all into cgi as a get statement. Ruben > > Ruben Safir wrote: > > > This is an example of so= mething that is just a PIA to churn through, > > partly because th= ese idiots are splicing an ISII crapolla fix into > > their "docum= entations", and secondly because assume your sitting on > > someon= e elses webserver, rather than your own, and thirdly because > > = they believe that your apache set up has a rather rare and somewhat >= > insecure module installed for RedirectMatchUrl, and then ... > = > > > their last instruction fails to identify what the hell t= he code is > > for! Is it httpd.conf? Is it perl code = to drop into the application? > > > > The who concept is= to redirect a static uri like > > > > /www.myuri.com/messages/some_numbers_as_arguments" target=3D"_blank">http:/=
/www.myuri.com/messages/some_numbers_as_arguments> > > > to their cgi engine automaticaly, to be translated to look r>> > internally as something like this:
> >
> >&n=
bsp;
> > bers_as_arguments" target=3D"_blank">http://www.myuri.com/cgi-bin/yabb.pl?s=
ome_numbers_as_arguments
> >
> >
> > It wo=
uld be just simpler to drop down to mod_perl and add it as a
> > s=
cript into the apache calls under the URI of
> >
> > href=3D"http://www.myuri.com/messages/" target=3D"_blank">http://www.myuri=
.com/messages/
> >
> > and be done with it....
&=
gt; >
> > The whole discussion of symbolic links to directorie=
s is just confussing
> > the issue. There doesn't need to be=
any real directory when the server
> > is picking up that uri and=
handling it entirely within the apache
> > engine.
> >
> > Ruben
> >
| table>
---955686164-1605772490-1363977856=:71992--
 |
|
|
|
 |
|
|
