author | Felix Fietkau <nbd@openwrt.org> | 2006-11-25 02:28:17 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2006-11-25 02:28:17 +0000 |
commit | 815c894068009f41486bcdb2accc8faf3bc26ff1 (patch) | |
tree | e17376f9e49c32dd22e1bdabc5ae6a1004eb85c7 | |
parent | d5212134de3f04fdeed89a3cbf37bc244932d18b (diff) | |
haserl: use a different prefix for cookie variables to prevent form variable injection from other websites (potential security risk)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5638 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r-- | package/haserl/patches/100-cookie_prefix.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/package/haserl/patches/100-cookie_prefix.patch b/package/haserl/patches/100-cookie_prefix.patch
new file mode 100644
index 0000000000..abd19bcb43
--- /dev/null
+++ b/package/haserl/patches/100-cookie_prefix.patch
@@ -0,0 +1,20 @@
+diff -ur haserl.old/src/haserl.c haserl.dev/src/haserl.c
+--- haserl.old/src/haserl.c 2004-11-10 18:59:35.000000000 +0100
++++ haserl.dev/src/haserl.c 2006-11-25 03:24:31.000000000 +0100
+@@ -74,6 +74,7 @@
+ token_t /*@null@*/ *token_list = NULL;
+
+ char global_variable_prefix[] = HASERL_VAR_PREFIX;
++char cookie_variable_prefix[] = "COOKIE_";
+ int global_subshell_pipe[4];
+ int global_subshell_pid;
+ int global_subshell_died = 0;
+@@ -221,7 +222,7 @@
+ while (token) {
+ // skip leading spaces
+ while ( token[0] == ' ' ) { token++; }
+- myputenv(token, global_variable_prefix);
++ myputenv(token, cookie_variable_prefix);
+ token=strtok(NULL, ";");
+ }
+ free (qs); |
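Review bot: The new `cookie_variable_prefix` keeps cookies apart from form input only if `HASERL_VAR_PREFIX`, whose value is defined outside this patch, is non-empty; with an empty form prefix a request field named `COOKIE_x` would presumably still yield the same environment name as a cookie `x`, so that value should be confirmed or enforced at build time. The literal `"COOKIE_"` is hard-coded directly beside a macro-defined prefix; defining it as a macro alongside `HASERL_VAR_PREFIX` and adding a comment such as `/* cookies get their own prefix so they cannot shadow form variables */` would keep the intent visible to the next maintainer. Scripts that currently read cookies under the form prefix will stop seeing them after this change, which deserves a line in the package notes. The cookie-parsing loop in the second inner hunk belongs to a function that begins and ends outside the hunk, so how `myputenv` joins prefix and name is inferred rather than shown.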