authorFelix Fietkau <nbd@openwrt.org>2006-11-25 02:28:17 +0000
committerFelix Fietkau <nbd@openwrt.org>2006-11-25 02:28:17 +0000
commit815c894068009f41486bcdb2accc8faf3bc26ff1 (patch)
treee17376f9e49c32dd22e1bdabc5ae6a1004eb85c7 /package/haserl/patches/100-cookie_prefix.patch
parentd5212134de3f04fdeed89a3cbf37bc244932d18b (diff)
haserl: use a different prefix for cookie variables to prevent form variable injection from other websites (potential security risk)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5638 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/haserl/patches/100-cookie_prefix.patch')
-rw-r--r--package/haserl/patches/100-cookie_prefix.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/package/haserl/patches/100-cookie_prefix.patch b/package/haserl/patches/100-cookie_prefix.patch
new file mode 100644
index 0000000000..abd19bcb43
--- /dev/null
+++ b/package/haserl/patches/100-cookie_prefix.patch
@@ -0,0 +1,20 @@
+diff -ur haserl.old/src/haserl.c haserl.dev/src/haserl.c
+--- haserl.old/src/haserl.c 2004-11-10 18:59:35.000000000 +0100
++++ haserl.dev/src/haserl.c 2006-11-25 03:24:31.000000000 +0100
+@@ -74,6 +74,7 @@
+ token_t /*@null@*/ *token_list = NULL;
+
+ char global_variable_prefix[] = HASERL_VAR_PREFIX;
++char cookie_variable_prefix[] = "COOKIE_";
+ int global_subshell_pipe[4];
+ int global_subshell_pid;
+ int global_subshell_died = 0;
+@@ -221,7 +222,7 @@
+ while (token) {
+ // skip leading spaces
+ while ( token[0] == ' ' ) { token++; }
+- myputenv(token, global_variable_prefix);
++ myputenv(token, cookie_variable_prefix);
+ token=strtok(NULL, ";");
+ }
+ free (qs);
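Review bot: The new `cookie_variable_prefix` is a bare `"COOKIE_"` literal, while the form prefix beside it comes from `HASERL_VAR_PREFIX`, so nothing visible here keeps the two namespaces apart if that macro is ever built as an empty string or as `COOKIE_` (its definition is outside this patch, so this is a precaution, not a confirmed overlap). I would define the cookie prefix next to it, for example `#define HASERL_COOKIE_PREFIX "COOKIE_"`, and put a comment above the array: `/* cookies get their own prefix so a cookie value can never set or shadow a form variable */`. The switch in the second inner hunk also means any existing script that reads a cookie through the form-prefixed name will now only see request-supplied form data under that name, so the package notes should tell script authors to move such reads to `COOKIE_*`. The function containing the `myputenv` loop starts and ends outside the hunk, so whether `myputenv` validates the cookie name before exporting it cannot be checked from here.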