Roxen.git / server / etc / modules / Roxen.pmod


Roxen.git/server/etc/modules/Roxen.pmod:1:   // This is a roxen pike module. Copyright © 1999 - 2004, Roxen IS.   // - // $Id: Roxen.pmod,v 1.193 2005/02/25 15:51:16 grubba Exp $ + // $Id$      #include <roxen.h>   #include <config.h>   #include <version.h>   #include <module.h>   #include <variables.h>   #include <stat.h>   #define roxen roxenp()      #ifdef HTTP_DEBUG
Roxen.git/server/etc/modules/Roxen.pmod:1094:    new["CONTENT_LENGTH"]=(string)strlen(id->data);    }       if(id->query && strlen(id->query))    new["INDEX"]=id->query;       new["REQUEST_METHOD"]=id->method||"GET";    new["SERVER_PORT"] = id->my_fd?    ((id->my_fd->query_address(1)||"foo unknown")/" ")[1]: "Internal";    +  // Protect against execution of arbitrary code in broken bash. +  foreach(new; string e; string v) { +  if (has_prefix(v, "() {")) { +  report_warning("ENV: Function definition in environment variable:\n" +  "ENV: %O=%O\n", +  e, v); +  new[e] = " " + v; +  } +  } +     return new;   }      mapping build_roxen_env_vars(RequestID id)   //! Generate a mapping with additional environment variables suitable   //! for use with CGI-scripts or SSI scripts etc. These variables are   //! roxen extensions and not defined in any standard document.   //! Specifically:   //! @pre{   //! For each cookie: COOKIE_cookiename=cookievalue
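Review bot: The filter loop added before `return new;` here is pasted verbatim before `return new;` in build_roxen_env_vars (the :1186 hunk), so the two copies can drift apart and any other code that assembles a CGI environment has to carry a third copy. Moving the loop into one module-level function (the name below is only a suggestion) and calling it at both return sites keeps the mitigation in one place. The loop also declares `string v`, which presumably holds for every value these builders store but cannot be confirmed from the hunk; a `stringp(v)` guard keeps the filter from failing if a non-string ever lands in the mapping. Variables that callers add after these functions return are not covered by either copy and would need the same call. The enclosing function starts outside the hunk.

```pike
// Neutralise values that an unpatched bash would import as a function
// definition. Modifies and returns the given mapping.
mapping(string:mixed) protect_env_vars(mapping(string:mixed) env)
{
  foreach(env; string e; mixed v) {
    if (stringp(v) && has_prefix(v, "() {")) {
      report_warning("ENV: Function definition in environment variable:\n"
                     "ENV: %O=%O\n",
                     e, v);
      env[e] = " " + v;
    }
  }
  return env;
}

// … unchanged: bodies of build_env_vars() and build_roxen_env_vars() …
  return protect_env_vars(new);
```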
Roxen.git/server/etc/modules/Roxen.pmod:1186:       foreach(indices(id->supports), tmp)    {    tmp = mk_env_var_name(tmp-",");    new["SUPPORTS_"+tmp]="true";    if (new["SUPPORTS"])    new["SUPPORTS"] += " " + tmp;    else    new["SUPPORTS"] = tmp;    } +  +  // Protect against execution of arbitrary code in broken bash. +  foreach(new; string e; string v) { +  if (has_prefix(v, "() {")) { +  report_warning("ENV: Function definition in environment variable:\n" +  "ENV: %O=%O\n", +  e, v); +  new[e] = " " + v; +  } +  } +     return new;   }      string strip_config(string from)   //! Remove all 'config' data from the given (local) URL.   {    sscanf(from, "/<%*s>%s", from);    return from;   }
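Review bot: `report_warning` in the added loop fires once per matching variable on every request, and the values built here appear to be client-supplied (the doc comment lists `COOKIE_cookiename=cookievalue`), so a remote client can grow the event log at will. The warning is worth keeping as a detection signal, but it should be bounded, for example one line per request naming only the affected variables, or a rate limit per remote address. The `//!` documentation should also state the changed contract, e.g. `//! Values beginning with "() {" are passed on with a leading space so that bash does not import them as functions.` The function's opening is outside this hunk.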