]>
Commit | Line | Data |
---|---|---|
4b310d24 AM |
1 | diff --git a/server/util_script.c b/server/util_script.c |
2 | index 5e071a2..443dfb6 100644 | |
3 | --- a/server/util_script.c | |
4 | +++ b/server/util_script.c | |
5 | @@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r) | |
6 | else if (!ap_cstr_casecmp(hdrs[i].key, "Content-length")) { | |
7 | apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val); | |
8 | } | |
9 | + /* HTTP_PROXY collides with a popular envvar used to configure | |
10 | + * proxies, don't let clients set/override it. But, if you must... | |
11 | + */ | |
12 | +#ifndef SECURITY_HOLE_PASS_PROXY | |
13 | + else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy")) { | |
14 | + ; | |
15 | + } | |
16 | +#endif | |
17 | /* | |
18 | * You really don't want to disable this check, since it leaves you | |
19 | * wide open to CGIs stealing passwords and people viewing them |