apache-ssl's suexec
I'm planning on fixing #40226 in apache 1.3.22-6. After all, it's only
been open >2.5 years. With this patch:
@@ -165,6 +166,8 @@
"UNIQUE_ID",
"USER_NAME",
"TZ",
+ "HTTPS",
+ "REDIRECT_HTTPS",
NULL
};
@@ -228,7 +231,8 @@
cidx++;
for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
- if (!strncmp(*ep, "HTTP_", 5)) {
+ if (!strncmp(*ep, "HTTP_", 5) ||
+ !strncmp(*ep, "SSL_", 4)) {
cleanenv[cidx] = *ep;
cidx++;
}
is there any more that needs to be done to remove suexec from apache-ssl?
--
Revolutions do not require corporate support.
Reply to: