commit | 17742f2d45c9dd7ca777e33601a26e80576fdbf6 | [log] [tgz] |
---|---|---|
author | Senthil Kumaran <senthil@uthcode.com> | Sat Jul 30 23:39:06 2016 -0700 |
committer | Senthil Kumaran <senthil@uthcode.com> | Sat Jul 30 23:39:06 2016 -0700 |
tree | f83a9638dd08398dd1c93e4941a794a836b67f8c | |
parent | 3a32bdfaa7494bfc172b04bdb1c8159978af8d42 [diff] | |
parent | 436fe5a447abb69e5e5a4f453325c422af02dcaa [diff] |
[merge from 3.4] - Prevent HTTPoxy attack (CVE-2016-1000110) Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode. Issue #27568 Reported and patch contributed by RĂ©mi Rampin.