httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sander Holthaus - Orange XL" <>
Subject [users@httpd] Apache envirorement variables tainted in cgi?
Date Sun, 13 Oct 2002 19:26:17 GMT
Can any tell me if envirorement variables in Apache can be tainted? I have a
cgi-script that outputs certain data such as the accepted languages in an
email. One of those emails contained the following:

en x-ns$ixDukAVn x-nsrwwDADKILc.

The following regexp was let loose on $ENV{'HTTP_ACCEPT_LANGUAGE'} before it
got pasted in the email.

$ENV{'HTTP_ACCEPT_LANGUAGE'} =~ s/[\d\;\=\.q]*//g;
$ENV{'HTTP_ACCEPT_LANGUAGE'} =~ s/([,])|(.* .*)/ /g;

Does apache check information in HTTP-headers before pasing them as

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message