From e4f00c5eb71d8a7aa1f52b5279832986f669d463 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 1 Dec 2025 12:03:12 +0000
Subject: [PATCH] envvars from HTTP headers low precedence
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930163 13f79535-47bb-0310-9956-ffa450edef68
---
server/util_script.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/server/util_script.c b/server/util_script.c
index 72175e75824..6a18aec8c90 100644
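--- a/server/util_script.c
+++ b/server/util_script.c
@@ -126,6 +126,8 @@ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
 }
 }
 for (i = 0; i < env_arr->nelts; ++i) {
+ int changed = 0;
+
 if (!elts[i].key) {
 continue;
 }
@@ -133,18 +135,36 @@ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
 whack = env[j];
 if (apr_isdigit(*whack)) {
 *whack++ = '_';
+ changed = 1;
 }
 while (*whack != '=') {
 #ifdef WIN32
- if (!apr_isalnum(*whack) && *whack != '(' && *whack != ')') {
+ if (!apr_isalnum(*whack) && *whack != '_' && *whack != '(' && *whack != ')') {
 #else
- if (!apr_isalnum(*whack)) {
+ if (!apr_isalnum(*whack) && *whack != '_') {
 #endif
 *whack = '_';
+ changed = 1;
 }
 ++whack;
 }
- ++j;
+ if (changed) {
+ *whack = '\0';
+ /*
+ * If after cleaning up the key the key is identical to an existing key
+ * in the table drop this environment variable. This also prevents
+ * to override CGI reserved environment variables with variables whose
+ * names have an invalid character instead of '_', but are otherwise
+ * equal to the names CGI reserved environment variables.
+ */
+ if (!apr_table_get(t, env[j])) {
+ ++j;
+ *whack = '=';
+ }
+ }
+ else {
+ ++j;
+ }
 }

 env[j] = NULL;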
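Review bot: The collision check added in the `if (changed)` branch of the second hunk looks the cleaned name up only in `t`, so two entries whose names both needed cleaning and come out identical are both kept. The returned array then holds duplicate names, and which value a child process sees depends on its runtime. If that is acceptable, say so next to the check, e.g. `/* Only names already present in t are checked; cleaned names that collide with each other are not de-duplicated. */`; otherwise also compare against the `env[0..j-1]` entries already written. The block comment could also mention that `apr_table_get()` matches keys case-insensitively, so a cleaned name differing only in case from an existing key is dropped too. ap_create_environment starts and ends outside both hunks.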