From 066b8ca70877e3a07545a638a96aa59719c4fe60 Mon Sep 17 00:00:00 2001
From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Sat, 5 Jan 2019 18:37:57 -0500
Subject: [PATCH] apache: allow #":" in rewrite_arg type

We really should be escaping this in the [E=VAR:VAL] construct, but
since the results of a user using #":" in the VAR aren't fatal or
insecure (just surprising), allow it since otherwise you can't use
constructs like "%{HTTP:header}".
---
 src/plugins/apache.sml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index 524321c..3a446f6 100644
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -97,7 +97,8 @@ val _ = Env.type_one "proxy_reverse_target"
 
 val _ = Env.type_one "rewrite_arg"
 	Env.string
-	(CharVector.all (fn ch => (Char.isGraph ch) andalso not (List.exists (fn c => ch = c) [ #"[", #"]", #",", #"\"", #"'", #"=", #":", #"\\" ])))
+	(* #":" is permitted here, but really ought to be disallowed or escaped for E=VAR:VAL *)
+	(CharVector.all (fn ch => (Char.isGraph ch) andalso not (List.exists (fn c => ch = c) [ #"[", #"]", #",", #"\"", #"'", #"=", #"\\" ])))
 
 val _ = Env.type_one "suexec_flag"
 	Env.bool
-- 
2.20.1