27 lines
963 B
Diff
27 lines
963 B
Diff
From 614c6e18a734bd31a483abc2fa2faf217dcb81c3 Mon Sep 17 00:00:00 2001
|
|
From: Ervin Hegedus <airween@gmail.com>
|
|
Date: Sat, 24 May 2025 12:04:39 +0200
|
|
Subject: [PATCH] fix: add ARGS to sanitize list only if it's not added yet in
|
|
case of sanitizeArg
|
|
|
|
---
|
|
apache2/re_actions.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/apache2/re_actions.c b/apache2/re_actions.c
|
|
index 4a922d27f..febc4759e 100644
|
|
--- a/apache2/re_actions.c
|
|
+++ b/apache2/re_actions.c
|
|
@@ -1455,8 +1455,9 @@ static apr_status_t msre_action_sanitizeArg_execute(modsec_rec *msr, apr_pool_t
|
|
for (i = 0; i < tarr->nelts; i++) {
|
|
msc_arg *arg = (msc_arg *)telts[i].val;
|
|
|
|
- if (strcasecmp(sargname, arg->name) == 0) {
|
|
+ if (arg->marked_for_sanitization == 0 && strcasecmp(sargname, arg->name) == 0) {
|
|
apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg);
|
|
+ arg->marked_for_sanitization = 1;
|
|
}
|
|
}
|
|
|
|
|