From: Eric Covener
Date: Mon, 1 Dec 2025 12:03:12 +0000 (+0000)
Subject: envvars from HTTP headers low precedence
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e4f00c5eb71d8a7aa1f52b5279832986f669d463;p=thirdparty%2Fapache%2Fhttpd.git
envvars from HTTP headers low precedence
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930163 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/server/util_script.c b/server/util_script.c
index 72175e7582..6a18aec8c9 100644
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -126,6 +126,8 @@ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
 }
 }
 for (i = 0; i < env_arr->nelts; ++i) {
+ int changed = 0;
+
 if (!elts[i].key) {
 continue;
 }
@@ -133,18 +135,36 @@ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
 whack = env[j];
 if (apr_isdigit(*whack)) {
 *whack++ = '_';
+ changed = 1;
 }
 while (*whack != '=') {
 #ifdef WIN32
- if (!apr_isalnum(*whack) && *whack != '(' && *whack != ')') {
+ if (!apr_isalnum(*whack) && *whack != '_' && *whack != '(' && *whack != ')') {
 #else
- if (!apr_isalnum(*whack)) {
+ if (!apr_isalnum(*whack) && *whack != '_') {
 #endif
 *whack = '_';
+ changed = 1;
 }
 ++whack;
 }
- ++j;
+ if (changed) {
+ *whack = '\0';
+ /*
+ * If after cleaning up the key the key is identical to an existing key
+ * in the table drop this environment variable. This also prevents
+ * to override CGI reserved environment variables with variables whose
+ * names have an invalid character instead of '_', but are otherwise
+ * equal to the names CGI reserved environment variables.
+ */
+ if (!apr_table_get(t, env[j])) {
+ ++j;
+ *whack = '=';
+ }
+ }
+ else {
+ ++j;
+ }
 }
 env[j] = NULL;
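Review bot: The collision check in the new `if (changed)` branch consults only the source table `t`, so a rewritten name is dropped when that exact name is already a key, but two different keys that sanitize to the same name (constructed example: `X-A` and `X.A`, both becoming `X_A`) are still both emitted, and which one the child process sees is left to the consumer. In the same way, a rewritten name is blocked only when the variable it imitates is actually present in `t` for this request, so a reserved variable that happens to be unset at this point gets no protection from the lookup. If both are intended, the comment should say so, e.g. `/* Only names already present in t are checked; rewritten names are not compared with each other. */`. `apr_table_get()` also matches keys case-insensitively, which errs on the side of dropping and is worth a word in the same comment. The enclosing loop and `ap_create_environment` start and end outside the hunk.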