haserl: use a different prefix for cookie variables to prevent form variable injection from other websites (potential security risk)

SVN-Revision: 5638
master
Felix Fietkau 18 years ago
parent 292be415a0
commit 9b6e2862b6
  1. 20
      package/haserl/patches/100-cookie_prefix.patch

@ -0,0 +1,20 @@
diff -ur haserl.old/src/haserl.c haserl.dev/src/haserl.c
--- haserl.old/src/haserl.c 2004-11-10 18:59:35.000000000 +0100
+++ haserl.dev/src/haserl.c 2006-11-25 03:24:31.000000000 +0100
@@ -74,6 +74,7 @@
token_t /*@null@*/ *token_list = NULL;
char global_variable_prefix[] = HASERL_VAR_PREFIX;
+char cookie_variable_prefix[] = "COOKIE_";
int global_subshell_pipe[4];
int global_subshell_pid;
int global_subshell_died = 0;
@@ -221,7 +222,7 @@
while (token) {
// skip leading spaces
while ( token[0] == ' ' ) { token++; }
- myputenv(token, global_variable_prefix);
+ myputenv(token, cookie_variable_prefix);
token=strtok(NULL, ";");
}
free (qs);
Loading…
Cancel
Save