From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Sat, 5 Jan 2019 23:37:57 +0000 (-0500)
Subject: apache: allow #":" in rewrite_arg type
X-Git-Tag: release_20190105-4
X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/066b8ca70877e3a07545a638a96aa59719c4fe60

apache: allow #":" in rewrite_arg type

We really should be escaping this in the [E=VAR:VAL] construct, but
since the results of a user using #":" in the VAR aren't fatal or
insecure (just surprising), allow it since otherwise you can't use
constructs like "%{HTTP:header}".
---

diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index 524321c..3a446f6 100644
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -97,7 +97,8 @@ val _ = Env.type_one "proxy_reverse_target"
 
 val _ = Env.type_one "rewrite_arg"
 	Env.string
-	(CharVector.all (fn ch => (Char.isGraph ch) andalso not (List.exists (fn c => ch = c) [ #"[", #"]", #",", #"\"", #"'", #"=", #":", #"\\" ])))
+	(* #":" is permitted here, but really ought to be disallowed or escaped for E=VAR:VAL *)
+	(CharVector.all (fn ch => (Char.isGraph ch) andalso not (List.exists (fn c => ch = c) [ #"[", #"]", #",", #"\"", #"'", #"=", #"\\" ])))
 
 val _ = Env.type_one "suexec_flag"
 	Env.bool