Permalink
Browse files

Disallow setting arg_ and cookie_ variables in Set Var module

  • Loading branch information...
Marcus Clyne
Marcus Clyne committed Oct 13, 2010
1 parent 2e48cd4 commit d8e27503a8f269a7d012050ba3b593c5db217f2e
Showing with 2 additions and 0 deletions.
  1. +2 −0 src/ndk_set_var.c
View
@@ -285,6 +285,8 @@ ndk_set_var_name (ndk_set_var_info_t *info, ngx_str_t *varname)
}
if (v->get_handler == NULL
+ && ngx_strncasecmp(name.data, (u_char *) "arg_", 4) != 0
+ && ngx_strncasecmp(name.data, (u_char *) "cookie_", 7) != 0
&& ngx_strncasecmp(name.data, (u_char *) "http_", 5) != 0
&& ngx_strncasecmp(name.data, (u_char *) "sent_http_", 10) != 0
&& ngx_strncasecmp(name.data, (u_char *) "upstream_http_", 14) != 0)

0 comments on commit d8e2750

Please sign in to comment.