Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Extra comment describing the previous change. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
6c02983d0a9185f725b0167e33b462d4 |
User & Date: | drh 2018-03-29 15:24:34.162 |
Context
2018-03-29
| ||
15:42 | Update the built-in SQLite to the second 3.23.0 beta. ... (check-in: 032188a6 user: drh tags: trunk) | |
15:24 | Extra comment describing the previous change. ... (check-in: 6c02983d user: drh tags: trunk) | |
15:20 | Slight revision to [be5d83f93ac66f65] to allow "_" in parameter names. ... (check-in: e09df6ea user: drh tags: trunk) | |
Changes
Changes to src/cgi.c.
︙ | ︙ | |||
553 554 555 556 557 558 559 560 561 562 563 564 565 566 | ** ** * cookies and query parameters that have uppercase names ** are ignored. ** ** * it is impossible for a cookie or query parameter to ** override the value of an environment variable since ** environment variables always have uppercase names. ** ** Parameters are separated by the "terminator" character. Whitespace ** before the NAME is ignored. ** ** The input string "z" is modified but no copies is made. "z" ** should not be deallocated or changed again after this routine ** returns or it will corrupt the parameter table. | > > > > > | 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 | ** ** * cookies and query parameters that have uppercase names ** are ignored. ** ** * it is impossible for a cookie or query parameter to ** override the value of an environment variable since ** environment variables always have uppercase names. ** ** 2018-03-29: Also ignore the entry if NAME that contains any characters ** other than [a-zA-Z0-9_]. There are no known exploits involving unusual ** names that contain characters outside that set, but it never hurts to ** be extra cautious when sanitizing inputs. ** ** Parameters are separated by the "terminator" character. Whitespace ** before the NAME is ignored. ** ** The input string "z" is modified but no copies is made. "z" ** should not be deallocated or changed again after this routine ** returns or it will corrupt the parameter table. |
︙ | ︙ |