haserl: use a different prefix for cookie variables to prevent form variable injectio...
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Sat, 25 Nov 2006 02:28:17 +0000 (02:28 +0000)
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Sat, 25 Nov 2006 02:28:17 +0000 (02:28 +0000)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5638 3c298f89-4303-0410-b956-a3cf2f4a3e73

package/haserl/patches/100-cookie_prefix.patch [new file with mode: 0644]

diff --git a/package/haserl/patches/100-cookie_prefix.patch b/package/haserl/patches/100-cookie_prefix.patch
new file mode 100644 (file)
index 0000000..abd19bc
--- /dev/null
@@ -0,0 +1,20 @@
+diff -ur haserl.old/src/haserl.c haserl.dev/src/haserl.c
+--- haserl.old/src/haserl.c    2004-11-10 18:59:35.000000000 +0100
++++ haserl.dev/src/haserl.c    2006-11-25 03:24:31.000000000 +0100
+@@ -74,6 +74,7 @@
+ token_t       /*@null@*/ *token_list = NULL;
+ char  global_variable_prefix[] = HASERL_VAR_PREFIX;
++char  cookie_variable_prefix[] = "COOKIE_";
+ int   global_subshell_pipe[4];
+ int   global_subshell_pid;
+ int   global_subshell_died = 0;
+@@ -221,7 +222,7 @@
+       while (token) {
+               // skip leading spaces 
+               while ( token[0] == ' ' ) { token++; }
+-              myputenv(token, global_variable_prefix);
++              myputenv(token, cookie_variable_prefix);
+               token=strtok(NULL, ";");
+               }
+       free (qs);
This page took 0.024805 seconds and 4 git commands to generate.