mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-20 02:44:59 +02:00
haserl: use a different prefix for cookie variables to prevent form variable injection from other websites (potential security risk)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5638 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
parent
0b834fadd8
commit
07b35a4640
20
package/haserl/patches/100-cookie_prefix.patch
Normal file
20
package/haserl/patches/100-cookie_prefix.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
diff -ur haserl.old/src/haserl.c haserl.dev/src/haserl.c
|
||||||
|
--- haserl.old/src/haserl.c 2004-11-10 18:59:35.000000000 +0100
|
||||||
|
+++ haserl.dev/src/haserl.c 2006-11-25 03:24:31.000000000 +0100
|
||||||
|
@@ -74,6 +74,7 @@
|
||||||
|
token_t /*@null@*/ *token_list = NULL;
|
||||||
|
|
||||||
|
char global_variable_prefix[] = HASERL_VAR_PREFIX;
|
||||||
|
+char cookie_variable_prefix[] = "COOKIE_";
|
||||||
|
int global_subshell_pipe[4];
|
||||||
|
int global_subshell_pid;
|
||||||
|
int global_subshell_died = 0;
|
||||||
|
@@ -221,7 +222,7 @@
|
||||||
|
while (token) {
|
||||||
|
// skip leading spaces
|
||||||
|
while ( token[0] == ' ' ) { token++; }
|
||||||
|
- myputenv(token, global_variable_prefix);
|
||||||
|
+ myputenv(token, cookie_variable_prefix);
|
||||||
|
token=strtok(NULL, ";");
|
||||||
|
}
|
||||||
|
free (qs);
|
Loading…
Reference in New Issue
Block a user