artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 051764f) | patch
Do not use the HTTP_HOST CGI variable,
authorschwarze <schwarze@openbsd.org>
Fri, 18 Jul 2014 19:02:07 +0000 (19:02 +0000)
committerschwarze <schwarze@openbsd.org>
Fri, 18 Jul 2014 19:02:07 +0000 (19:02 +0000)
commit42b7df08741512528b27e289675de8247697eda9
tree78bc56baa9ca88e57e91050ce4d8e8c69fa1c576tree | snapshot
parent051764f3f143e22d93041fcb2dfc3126130264f3commit | diff
Do not use the HTTP_HOST CGI variable,
just make the HTTP redirect Location: relative.
Less user input is good, it reduces the attack surface.
Besides, this removes one global variable and 4 lines of code.

Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>.
usr.bin/mandoc/cgi.c diff | blob | history
usr.bin/mandoc/man.cgi.8 diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim