1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-24 01:01:52 +02:00

haserl: use a different prefix for cookie variables to prevent form variable injection from other websites (potential security risk)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5638 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
nbd 2006-11-25 02:28:17 +00:00
parent 0b834fadd8
commit 07b35a4640

View File

@ -0,0 +1,20 @@
diff -ur haserl.old/src/haserl.c haserl.dev/src/haserl.c
--- haserl.old/src/haserl.c 2004-11-10 18:59:35.000000000 +0100
+++ haserl.dev/src/haserl.c 2006-11-25 03:24:31.000000000 +0100
@@ -74,6 +74,7 @@
token_t /*@null@*/ *token_list = NULL;
char global_variable_prefix[] = HASERL_VAR_PREFIX;
+char cookie_variable_prefix[] = "COOKIE_";
int global_subshell_pipe[4];
int global_subshell_pid;
int global_subshell_died = 0;
@@ -221,7 +222,7 @@
while (token) {
// skip leading spaces
while ( token[0] == ' ' ) { token++; }
- myputenv(token, global_variable_prefix);
+ myputenv(token, cookie_variable_prefix);
token=strtok(NULL, ";");
}
free (qs);