#exec

The #exec directive instructs the Web server to run the specified application or shell command and send the output (standard output or ISAPI WriteClient data) to the client browser. You must surround a directive with HTML comment delimiters.

This directive can be used only in HTML pages; it cannot be used in ASP pages.

Syntax

Parameters

CommandType

Specifies the type of command. The command type can be one of the following:

Command Type	Meaning
CGI	Runs an application, such as a CGI script, ASP application, or ISAPI application. The CommandDescription parameter is a string that contains the virtual path of the application, followed by a question mark (?) and any parameters passed to the application. Parameters are separated by plus signs (+). Because running an ISAPI application is only part of processing the SSI document, an ISAPI application is restricted as follows: Any application attempting to send a URL or redirect through ServerSupportFunction will cause a message to be placed in the HTML stream, but the send-redirect will not be performed. The SSI interpreter (Ssinc.dll) will wait indefinitely for applications returning HSE_STATUS_PENDING unless ServerSupportFunction is called to finish the session.
CMD	Runs a shell command. The CommandDescription parameter is a string that contains the full, physical path of the shell program, followed by any command-line parameters separated by spaces. If the full path is not specified, the Web server searches the system path. This directive is disabled by default because it poses a security risk to your Web site; for example, a user could run the format command to erase your hard disk. To enable it, add the SSIEnableCmdDirective entry to the registry and set the value to TRUE. For general information on using the registry, see Registry.

Command Type

Meaning

CGI

Runs an application, such as a CGI script, ASP application, or ISAPI application. The CommandDescription parameter is a string that contains the virtual path of the application, followed by a question mark (?) and any parameters passed to the application. Parameters are separated by plus signs (+). Because running an ISAPI application is only part of processing the SSI document, an ISAPI application is restricted as follows:

Any application attempting to send a URL or redirect through ServerSupportFunction will cause a message to be placed in the HTML stream, but the send-redirect will not be performed.
The SSI interpreter (Ssinc.dll) will wait indefinitely for applications returning HSE_STATUS_PENDING unless ServerSupportFunction is called to finish the session.

CMD

Runs a shell command. The CommandDescription parameter is a string that contains the full, physical path of the shell program, followed by any command-line parameters separated by spaces. If the full path is not specified, the Web server searches the system path. This directive is disabled by default because it poses a security risk to your Web site; for example, a user could run the format command to erase your hard disk. To enable it, add the SSIEnableCmdDirective entry to the registry and set the value to TRUE. For general information on using the registry, see Registry.

Remarks

The file containing the #exec directives must use a file name extension that is mapped to the SSI interpreter; otherwise, the Web server will not process the directives. By default, the extensions .stm, .shtm, and .shtml are mapped to the interpreter (Ssinc.dll). If you have Internet Service Manager installed, you can modify the default extension mappings and add new mappings; see Setting Application Mappings.

Allowing #exec directives in HTML documents poses a security risk. You can disable the use of #exec statements while still allowing files to contain the other SSI directives, such as #include. To disable #exec, modify the SSIExecDisable metabase property (see File Properties). For general information on using the metabase, see Metabase.

Examples

<!-- The following line invokes a guestbook program. -->
<!-- #exec cgi="/scripts/guestbook.exe?firstname+lastname" -->

<!-- The following line invokes W3test.dll. -->
<!-- #exec cgi="/scripts/w3test.dll?SimulatePendingIO" -->

<!-- The following line invokes the DOS RM command. -->
<!-- #exec cmd="c:\tools\mstools\rm.exe -?" -->