mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-27 18:35:55 +02:00
haserl: use a different prefix for cookie variables to prevent form variable injection from other websites (potential security risk)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5638 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
parent
0b834fadd8
commit
07b35a4640
20
package/haserl/patches/100-cookie_prefix.patch
Normal file
20
package/haserl/patches/100-cookie_prefix.patch
Normal file
@ -0,0 +1,20 @@
|
||||
diff -ur haserl.old/src/haserl.c haserl.dev/src/haserl.c
|
||||
--- haserl.old/src/haserl.c 2004-11-10 18:59:35.000000000 +0100
|
||||
+++ haserl.dev/src/haserl.c 2006-11-25 03:24:31.000000000 +0100
|
||||
@@ -74,6 +74,7 @@
|
||||
token_t /*@null@*/ *token_list = NULL;
|
||||
|
||||
char global_variable_prefix[] = HASERL_VAR_PREFIX;
|
||||
+char cookie_variable_prefix[] = "COOKIE_";
|
||||
int global_subshell_pipe[4];
|
||||
int global_subshell_pid;
|
||||
int global_subshell_died = 0;
|
||||
@@ -221,7 +222,7 @@
|
||||
while (token) {
|
||||
// skip leading spaces
|
||||
while ( token[0] == ' ' ) { token++; }
|
||||
- myputenv(token, global_variable_prefix);
|
||||
+ myputenv(token, cookie_variable_prefix);
|
||||
token=strtok(NULL, ";");
|
||||
}
|
||||
free (qs);
|
Loading…
Reference in New Issue
Block a user