apache: allow #":" in rewrite_arg type

We really should be escaping this in the [E=VAR:VAL] construct, but
since the results of a user using #":" in the VAR aren't fatal or
insecure (just surprising), allow it since otherwise you can't use
constructs like "%{HTTP:header}".

diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index 524321c..3a446f6 100644 (file)
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -97,7 +97,8 @@ val _ = Env.type_one "proxy_reverse_target"
 
 val _ = Env.type_one "rewrite_arg"
        Env.string
 
 val _ = Env.type_one "rewrite_arg"
        Env.string

-       (CharVector.all (fn ch => (Char.isGraph ch) andalso not (List.exists (fn c => ch = c) [ #"[", #"]", #",", #"\"", #"'", #"=", #":", #"\\" ])))
+       (* #":" is permitted here, but really ought to be disallowed or escaped for E=VAR:VAL *)
+       (CharVector.all (fn ch => (Char.isGraph ch) andalso not (List.exists (fn c => ch = c) [ #"[", #"]", #",", #"\"", #"'", #"=", #"\\" ])))

 
 val _ = Env.type_one "suexec_flag"
        Env.bool
 
 val _ = Env.type_one "suexec_flag"
        Env.bool