On Sat, Jan 28, 2017 at 02:11:31PM +0000, Holger Levsen wrote: > On Fri, Jan 27, 2017 at 03:22:14PM +0000, Wolfgang Schweer wrote: > > + * Adjust sitesummary-upload to be compliant with apache 2.4.25 security > > + fixes (HTTP request). (Closes: #852623). > [..] > > #Send data > > -print $remote <<"EOF"; > > -POST $submiturl HTTP/1.1 > > -User-Agent: sitesummary-upload > > -Host: $host > > -content-type: multipart/form-data; boundary=$boundary > > -content-length: $formlen > > - > > -$form > > -EOF > > +print $remote "POST $submiturl HTTP/1.1\r\n"; > > +print $remote "User-Agent: sitesummary-upload\r\n"; > > +print $remote "Host: $host\r\n"; > > +print $remote "Content-Type: multipart/form-data; boundary=$boundary\r\n"; > > +print $remote "Content-Length: $formlen\r\n"; > > +print $remote "\r\n"; > > +print $remote "$form"; > > I dont really get why this is needed. Could you please explain shortly > here? I notice the order of the headers is slightly different, is that > really what matters or did I miss something? What really matters are the line endings CRLF (\r\n) to avoid whitespace. Wolfgang
Attachment:
signature.asc
Description: PGP signature