<!--#exec cgi="somescript.cgi"-->
The value to the cgi attribute specifies a %-encoded URL
relative path to the CGI script. If the path does not begin
with a slash, it is taken to be relative to the current document.
The document referenced by this path is invoked as a CGI script,
even if the server would not normally recognize it as such.
However, the directory containing the script must be enabled
for CGI scripts (with ScriptAlias or the ExecCGI
option). The protective wrapper suExec will be applied
if it is turned on. The CGI script is given the PATH_INFO
and query string (QUERY_STRING) of the original request
from the client; these cannot be specified in the URL path. The
include variables will be available to the script in
addition to the standard CGI environment. If the script returns
a Location header instead of output this is translated
into an HTML anchor. If Options IncludesNOEXEC is set
in the Config file, this command is turned off. The
include virtual element should be used in preference to
exec cgi.
Now on to the exec cgi element:
include
Includes other Config files immediately at that point in
parsing - right there and then, not later on. Any included
file is subject to the usual access control. If the directory
containing the parsed file has Options IncludesNOEXEC set
and including the document causes a program to be executed, it
isn't included: this prevents execution of CGI scripts. Otherwise,
CGI scripts are invoked as normal using the complete URL given
in the command, including any query string.
An attribute defines the location of the document; the inclusion
is done for each attribute given to the include command.
The valid attributes are as follows:
file
The value is a path relative to the directory containing
the current document being parsed. It can't contain ../,
nor can it be an absolute path. The virtual attribute
should always be used in preference to this one.
virtual
The value is a %-encoded URL relative to the current
document being parsed. The URL cannot contain a scheme
or hostname, only a path and an optional query string. If it
does not begin with a slash, then it is taken to be relative
to the current document. A URL is constructed
from the attribute's value, and the server returns the same
output it would have if the client had requested that URL.
Thus, included files can be nested. A CGI script can still be
run by this method if Options IncludesNOEXEC is set
in the Config file. The reasoning is that clients can run
CGI anyway by using its URL as a hot link or simply by typing
it into their browser, so no harm is done by using this method
(unlike cmd or exec).
I hope this clears it up. Special thanks to Ben Laurie &
Peter Laurie, the authors of the book.
J. J. Horner
Linux, Perl, Apache, Stronghold, Unix
jhorner@knoxlug.org http://www.knoxlug.org/
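
An added example, not part of the original message or the book it quotes: a small Python check that scans a parsed document for the exec cgi and include directives described above and flags them by the rules the quoted text states. The function names and the sample document are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DIRECTIVE = re.compile(r'<!--#(\w+)\s+(.*?)\s*-->', re.S)  # one SSI element
ATTR = re.compile(r'(\w+)="([^"]*)"')                       # attribute="value" pairs

def check(element, attr, value):
    """Return a note for an attribute the quoted rules single out, else None."""
    if element == "exec" and attr == "cgi":
        return "turned off by IncludesNOEXEC; include virtual is preferred"
    if element == "include" and attr == "file":
        # file: relative to the current directory, no ../ and no absolute path
        if "../" in value or value.startswith("/"):
            return "invalid: file cannot contain ../ or be an absolute path"
        return "valid, but virtual should be used in preference to file"
    if element == "include" and attr == "virtual":
        # virtual: a path and optional query string only, no scheme or hostname
        parts = urlsplit(value)
        if parts.scheme or parts.netloc:
            return "invalid: virtual takes only a path and optional query string"
    return None

def audit_ssi(text):
    """List (element, attribute, value, note) for every flagged attribute."""
    findings = []
    for element, body in DIRECTIVE.findall(text):
        for attr, value in ATTR.findall(body):
            note = check(element, attr, value)
            if note:
                findings.append((element, attr, value, note))
    return findings

# Constructed sample document (assumption, not taken from the message).
SAMPLE = """<html>
<!--#exec cgi="somescript.cgi"-->
<!--#include file="../secret.html" -->
<!--#include file="footer.html" -->
<!--#include virtual="/cgi-bin/counter.cgi?page=1" -->
<!--#include virtual="http://other.example/x.html" -->
</html>"""

if __name__ == "__main__":
    for finding in audit_ssi(SAMPLE):
        print("%s %s=%r: %s" % finding)
```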