On Thu, Apr 05, 2018 at 01:38:05PM +0200, Yann Ylavic wrote:
> On Wed, Oct 11, 2017 at 4:48 PM, <[email protected]> wrote:
> > Author: jorton
> > Date: Wed Oct 11 14:48:55 2017
> > New Revision: 1811831
> >
> > URL: http://svn.apache.org/viewvc?rev=1811831&view=rev
> > Log:
> > * server/util_script.c (ap_add_common_vars): Allow mod_env to override
> >   all system path environment variables, not just PATH. (The
> >   behaviour for PATH alone was changed in r965679 for PR 43906.)
>
> Since SetEnv* are usable from htaccess, don't we open a risky door here?

If we allow control over PATH (which we do already) I am struggling to
imagine how it would be worse to allow control of any other env var.
Can you think of a scenario where it would be a problem?

Regards, Joe
