httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1146244 - in /httpd/httpd/trunk: CHANGES support/suexec.c
Date Wed, 13 Jul 2011 19:11:22 GMT
Author: sf
Date: Wed Jul 13 19:11:21 2011
New Revision: 1146244

URL: http://svn.apache.org/viewvc?rev=1146244&view=rev
Log:
Add some environment variables to the whitelist in suexec

PR: 51499
Submitted by: Graham Laverty <graham reg ca>, Stefan Fritsch

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/support/suexec.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1146244&r1=1146243&r2=1146244&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jul 13 19:11:21 2011
@@ -2,6 +2,11 @@
 
 Changes with Apache 2.3.14
 
+  *) suexec: Add environment variables CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX,
+     REDIRECT_ERROR_NOTES, REDIRECT_SCRIPT_FILENAME, REQUEST_SCHEME to the
+     whitelist in suexec. PR 51499. [Graham Laverty <graham reg ca>,
+     Stefan Fritsch]
+
   *) mod_rewrite: Fix regexp RewriteCond with NoCase. [Stefan Fritsch]
 
   *) mod_log_debug: New module that allows to log custom messages at various

Modified: httpd/httpd/trunk/support/suexec.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/suexec.c?rev=1146244&r1=1146243&r2=1146244&view=diff
==============================================================================
--- httpd/httpd/trunk/support/suexec.c (original)
+++ httpd/httpd/trunk/support/suexec.c Wed Jul 13 19:11:21 2011
@@ -81,6 +81,8 @@ static const char *const safe_env_lst[] 
     "AUTH_TYPE=",
     "CONTENT_LENGTH=",
     "CONTENT_TYPE=",
+    "CONTEXT_DOCUMENT_ROOT=",
+    "CONTEXT_PREFIX=",
     "DATE_GMT=",
     "DATE_LOCAL=",
     "DOCUMENT_NAME=",
@@ -99,13 +101,16 @@ static const char *const safe_env_lst[] 
     "REMOTE_IDENT=",
     "REMOTE_PORT=",
     "REMOTE_USER=",
+    "REDIRECT_ERROR_NOTES=",
     "REDIRECT_HANDLER=",
     "REDIRECT_QUERY_STRING=",
     "REDIRECT_REMOTE_USER=",
+    "REDIRECT_SCRIPT_FILENAME=",
     "REDIRECT_STATUS=",
     "REDIRECT_URL=",
     "REQUEST_METHOD=",
     "REQUEST_URI=",
+    "REQUEST_SCHEME=",
     "SCRIPT_FILENAME=",
     "SCRIPT_NAME=",
     "SCRIPT_URI=",



Mime
View raw message