MCPcopy Create free account
hub / github.com/apache/httpd / ap_add_common_vars

Function ap_add_common_vars

server/util_script.c:174–345  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

172}
173
174AP_DECLARE(void) ap_add_common_vars(request_rec *r)
175{
176 apr_table_t *e;
177 server_rec *s = r->server;
178 conn_rec *c = r->connection;
179 core_dir_config *conf =
180 (core_dir_config *)ap_get_core_module_config(r->per_dir_config);
181 const char *env_temp;
182 const apr_array_header_t *hdrs_arr = apr_table_elts(r->headers_in);
183 const apr_table_entry_t *hdrs = (const apr_table_entry_t *) hdrs_arr->elts;
184 int i;
185 apr_port_t rport;
186 char *q;
187
188 /* use a temporary apr_table_t which we'll overlap onto
189 * r->subprocess_env later
190 * (exception: if r->subprocess_env is empty at the start,
191 * write directly into it)
192 */
193 if (apr_is_empty_table(r->subprocess_env)) {
194 e = r->subprocess_env;
195 }
196 else {
197 e = apr_table_make(r->pool, 25 + hdrs_arr->nelts);
198 }
199
200 /* First, add environment vars from headers... this is as per
201 * CGI specs, though other sorts of scripting interfaces see
202 * the same vars...
203 */
204
205 for (i = 0; i < hdrs_arr->nelts; ++i) {
206 if (!hdrs[i].key) {
207 continue;
208 }
209
210 /* A few headers are special cased --- Authorization to prevent
211 * rogue scripts from capturing passwords; content-type and -length
212 * for no particular reason.
213 */
214
215 if (!ap_cstr_casecmp(hdrs[i].key, "Content-type")) {
216 apr_table_addn(e, "CONTENT_TYPE", hdrs[i].val);
217 }
218 else if (!ap_cstr_casecmp(hdrs[i].key, "Content-length")) {
219 apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
220 }
221 /* HTTP_PROXY collides with a popular envvar used to configure
222 * proxies, don't let clients set/override it. But, if you must...
223 */
224#ifndef SECURITY_HOLE_PASS_PROXY
225 else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy")) {
226 ;
227 }
228#endif
229 /*
230 * You really don't want to disable this check, since it leaves you
231 * wide open to CGIs stealing passwords and people viewing them

Callers 10

isapi_handlerFunction · 0.85
setupenvFunction · 0.85
send_environmentFunction · 0.85
uwsgi_send_headersFunction · 0.85
send_headersFunction · 0.85
cgid_handlerFunction · 0.85
cgi_handlerFunction · 0.85
includes_filterFunction · 0.85
init_ext_filter_processFunction · 0.85
util_script.hFile · 0.85

Calls 14

ap_cstr_casecmpFunction · 0.85
env2envFunction · 0.85
ap_psignatureFunction · 0.85
ap_get_server_bannerFunction · 0.85
ap_get_server_portFunction · 0.85
add_unless_nullFunction · 0.85
ap_get_useragent_hostFunction · 0.85
ap_document_rootFunction · 0.85
ap_context_prefixFunction · 0.85
ap_context_document_rootFunction · 0.85

Tested by

no test coverage detected