FSP Conceptual version

What is FSPC?

FSP Conceptual version (FSPC) is preview test tool for embedding *ONLY* /bin/sh script into web pages. It is 100% finished and stable, ready to wok, but is preview, because is made for *different* mission.

Please make sure you are understand:

(please go and see these pages for more information, go to http://core.nmmm.nu for information about CGI_Core)

Why FSPC was made?

FSPC was made for three different (or not so:) reasons:

1. Fixing bugs in HTSH tool

HTSH is clever, interesting tool, but is not so useful, when you try to do something very complicated with it, such as:

<`if [ "$name" = "nmmm" ]; then `>
<H1>Hello My Master</H1>

or such as:

   read a

x << input_file


HTSH is *unstable* and *secureles* too.

2. Testing XML parser library

This same library will be implement in next (rebuild) version of CGI_Core. It actually is not more than HTML parser library, but if you are interested, you are able to download FSPC and see it yourself.

3. "Make path" for FSP.

Of course this "path" is very *known*, but anyway it is not *bad* if we walk on it again and again...

What this program show us?

 I tell that this program trace the path of every CGI program, and as I tell this path is well known:

  1. (optional) Look after security
  2. (optional) Look after HEAD request method
  3. Why "HE" request me?
  4. Output Content-Type and header (This include cookies if any)
  6. Try DO NOT exit with code different by 0 :)
  7. Try to make all this *as fast as can*, CGI "live" must be less 1 min :)

THE_REAL_JOB is depending on what are you doing. For embedded scripting processors or similar, it is:

  1. (optional) Does HTML file exists? 
  2. Try to read it (don't forget to check for errors or for buffer overflow)
  3. In case error Output error message or some alike (blank screen) and *STOP*
  4. Preprocess it (go tag-by-tag and do something).
  5. Output preprocessed file.

What FSPC document look like?

<!-- demo 1 -->
<H1>The /etc/passwd contain</H1>
<Pre><%>cat /etc/passwd</%></Pre>
<!-- demo 2 -->
<%>if [ "$ENV_name" = "nmmm" ]; then</%>
<H1>Hello My Master!</H1>
<H1>Hello $ENV_name, nice to meet with you!</H1>

The text between <%> and </%> tags are interpreted as /bin/sh commands, all other text is interpreted as HTML (and will be part of one big "echo" or "printf", OF COURSE IT WILL BE WITH *PREPROCESSED* \" \' AND \`)

The tags can be "elastic" :)) such as:

<  %  >, <  /  %  >
<  %    param=value bla bla bla  >
<  /  % param=value bla bla bla  >

Still with us? Installation

Installation is same as every standard handler of web server. As you know this depends on your HTTPd. There are instructions for Apache HTTPd:

  1. Copy executable in your cgi-bin directory.
  2. Add following lines into Apache configuration file (httpd.conf for example)
  3. Look at source and *Think* about security.
AddType text/fspc .fspc
Action  text/fspc /cgi-bin/fspc


Get it from HERE (70 KB, *.tar.gz)

Some tips.

Copyleft 10.1999, FSP Development team
"Nikolay Mijaylov" <nmmm@nmmm.nu>