Posted to cvs@httpd.apache.org by hu...@apache.org on 2014/03/27 11:58:36 UTC
svn commit: r1582253 - /httpd/httpd/trunk/modules/lua/lua_request.c
Author: humbedooh
Date: Thu Mar 27 10:58:35 2014
New Revision: 1582253
URL: http://svn.apache.org/r1582253
Log:
mod_lua: escape key/value pairs when setting cookies to prevent header splitting with tainted cookies.
Modified:
httpd/httpd/trunk/modules/lua/lua_request.c
Modified: httpd/httpd/trunk/modules/lua/lua_request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?rev=1582253&r1=1582252&r2=1582253&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/lua/lua_request.c (original)
+++ httpd/httpd/trunk/modules/lua/lua_request.c Thu Mar 27 10:58:35 2014
@@ -2057,6 +2057,10 @@ static int lua_set_cookie(lua_State *L)
strdomain = apr_psprintf(r->pool, "Domain=%s;", domain);
}
+ /* URL-encode key/value */
+ value = ap_escape_urlencoded(r->pool, value);
+ key = ap_escape_urlencoded(r->pool, key);
+
/* Create the header */
out = apr_psprintf(r->pool, "%s=%s; %s %s %s %s %s", key, value,
secure ? "Secure;" : "",
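Review bot: The `Domain=%s;` attribute formatted on the first line of this hunk still interpolates `domain` unescaped, so the header-splitting protection added here covers only `key` and `value`. If `domain` (and presumably the path attribute, which is built outside the hunk) can carry the same tainted data, a CR or LF in it would reach the Set-Cookie header by the same route. URL-encoding would mangle a path, so rejecting control characters before the attribute is formatted is the safer check, for example `if (domain && strpbrk(domain, "\r\n;")) { /* refuse to set the cookie */ }`. The new comment could also state the reason, e.g. `/* URL-encode key/value: a raw CR/LF in either would split the Set-Cookie header */`, since scripts that already encode their values will now see them encoded twice. lua_set_cookie starts and ends outside this hunk, so any validation further up is not visible here.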