$Id: README,v 1.4 2004/12/14 18:12:59 nangel Exp $

haserl (Html And Shell Embedded Runtime Language) is a cgi 
program that runs interpreted scripts.   It combines three 
elements into a single CGI interpreter:

1. It parses POST and GET requests, placing form-elements as name=value
pairs into the environment for the CGI script to use. It is similar
to uncgi (http://www.midwinter.com/~koreth/uncgi.html) in this respect

2. It prints the contents of the script as html, and conditionally
interpets text within <? ... ?> as shell script.  In this case haserl 
scripts are like a poor-man's version of PHP (http://www.php.net)

3. It is very small, and so can be used in embedded environments

# SECURITY ADVISORY #######################################

As of version 0.6.0, haserl adds a variable prefix to all
variables sent from the client.  This defaults to US_, but can
be set to anything with the --enable-variable-prefix=
configure command.

If you want to use the old way of doing things, you must
disable this feature with --disable-variable-prefix

--

As of version 0.7.0, haserl will attempt to set its uid/gid
to the owner/group of the /script/ it is running as.  This is
similar to Apache's suexec feature.  Haserl must be installed
suid root root for this to work:
	#chown root:root haserl
	#chmod 6755 haserl
This may not work on non-Linux OSses, BSD, OSX, etc. 

! haserl is NOT installed suid root by default, you must do this
yourself. !

--

As of version 0.7.0, haserl will REFUSE to accept file uploads
to /tmp if a "u" does not appear on the script command line:

#!/usr/local/bin/haserl -u
#!/usr/local/bin/haserl uploads-ok
#!/usr/local/bin/haserl u

will all work, although the first case is prefered.   



