openmamba/autodist
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

webbuild-functions: filter web server REMOTE_* variables in cgi_getvars function for security

Browse Source
This commit is contained in:
Silvan Calarco 2013-05-21 16:40:40 +02:00
parent e0f9129ac5
commit 8fa299b2f2
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
webbuild/webbuild-functions
View File

@ -136,6 +136,7 @@ function cgi_getvars()
p=`echo $q | sed "s|&.*||"` p=`echo $q | sed "s|&.*||"`
q=`echo $q | sed "s|[^&]*&||"` q=`echo $q | sed "s|[^&]*&||"`
k="${p%%=*}" # get the key (variable name) from it k="${p%%=*}" # get the key (variable name) from it
[ "$k" = "REMOTE_ADDR" -o "$k" = "REMOTE_HOST" -o "$k" = "REMOTE_PORT" -o "$k" = "REMOTE_USER" ] && continue
v="${p#*=}" # get the value from it v="${p#*=}" # get the value from it
# decode and evaluate var if requested # decode and evaluate var if requested
if [ "$k" != "SPECTEXT" ]; then if [ "$k" != "SPECTEXT" ]; then