Fossil SCM
Extra comment describing the previous change.
Commit
6c02983d0a9185f725b0167e33b462d4bf1c0e333fc89c0114c91328a02a9f1e
Parent
e09df6ea475cd85…
1 file changed
+5
+5
| --- src/cgi.c | ||
| +++ src/cgi.c | ||
| @@ -555,10 +555,15 @@ | ||
| 555 | 555 | ** are ignored. |
| 556 | 556 | ** |
| 557 | 557 | ** * it is impossible for a cookie or query parameter to |
| 558 | 558 | ** override the value of an environment variable since |
| 559 | 559 | ** environment variables always have uppercase names. |
| 560 | +** | |
| 561 | +** 2018-03-29: Also ignore the entry if NAME that contains any characters | |
| 562 | +** other than [a-zA-Z0-9_]. There are no known exploits involving unusual | |
| 563 | +** names that contain characters outside that set, but it never hurts to | |
| 564 | +** be extra cautious when sanitizing inputs. | |
| 560 | 565 | ** |
| 561 | 566 | ** Parameters are separated by the "terminator" character. Whitespace |
| 562 | 567 | ** before the NAME is ignored. |
| 563 | 568 | ** |
| 564 | 569 | ** The input string "z" is modified but no copies is made. "z" |
| 565 | 570 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -555,10 +555,15 @@ | |
| 555 | ** are ignored. |
| 556 | ** |
| 557 | ** * it is impossible for a cookie or query parameter to |
| 558 | ** override the value of an environment variable since |
| 559 | ** environment variables always have uppercase names. |
| 560 | ** |
| 561 | ** Parameters are separated by the "terminator" character. Whitespace |
| 562 | ** before the NAME is ignored. |
| 563 | ** |
| 564 | ** The input string "z" is modified but no copies is made. "z" |
| 565 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -555,10 +555,15 @@ | |
| 555 | ** are ignored. |
| 556 | ** |
| 557 | ** * it is impossible for a cookie or query parameter to |
| 558 | ** override the value of an environment variable since |
| 559 | ** environment variables always have uppercase names. |
| 560 | ** |
| 561 | ** 2018-03-29: Also ignore the entry if NAME that contains any characters |
| 562 | ** other than [a-zA-Z0-9_]. There are no known exploits involving unusual |
| 563 | ** names that contain characters outside that set, but it never hurts to |
| 564 | ** be extra cautious when sanitizing inputs. |
| 565 | ** |
| 566 | ** Parameters are separated by the "terminator" character. Whitespace |
| 567 | ** before the NAME is ignored. |
| 568 | ** |
| 569 | ** The input string "z" is modified but no copies is made. "z" |
| 570 |