envvars from HTTP headers low precedence

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930163 13f79535-47bb-0310-9956-ffa450edef68
2026-01-13 05:41:23 +00:00 · 2025-12-01 12:03:12 +00:00
parent 6aa64b2f2d
commit e4f00c5eb7
1 changed files with 23 additions and 3 deletions
--- a/server/util_script.c
+++ b/server/util_script.c
@ -126,6 +126,8 @@ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
        }
    }
    for (i = 0; i < env_arr->nelts; ++i) {
+        int changed = 0;
+
        if (!elts[i].key) {
            continue;
        }
@ -133,18 +135,36 @@ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
        whack = env[j];
        if (apr_isdigit(*whack)) {
            *whack++ = '_';
+            changed = 1;
        }
        while (*whack != '=') {
 #ifdef WIN32
-            if (!apr_isalnum(*whack) && *whack != '(' && *whack != ')') {
+            if (!apr_isalnum(*whack) && *whack != '_' && *whack != '(' && *whack != ')') {
 #else
-            if (!apr_isalnum(*whack)) {
+            if (!apr_isalnum(*whack) && *whack != '_') {
 #endif
                *whack = '_';
+                changed = 1;
            }
            ++whack;
        }
-        ++j;
+        if (changed) {
+            *whack = '\0';
+            /*
+             * If after cleaning up the key the key is identical to an existing key
+             * in the table drop this environment variable. This also prevents
+             * to override CGI reserved environment variables with variables whose
+             * names have an invalid character instead of '_', but are otherwise
+             * equal to the names CGI reserved environment variables.
+             */
+            if (!apr_table_get(t, env[j])) {
+                ++j;
+                *whack = '=';
+            }
+        }
+        else {
+            ++j;
+        }
    }

    env[j] = NULL;