On Thu, Apr 05, 2018 at 01:38:05PM +0200, Yann Ylavic wrote:
> On Wed, Oct 11, 2017 at 4:48 PM, <jor...@apache.org> wrote:
> > Author: jorton
> > Date: Wed Oct 11 14:48:55 2017
> > New Revision: 1811831
> > URL: http://svn.apache.org/viewvc?rev=1811831&view=rev
> > Log:
> > * server/util_script.c (ap_add_common_vars): Allow mod_env to override
> > all system path environment variables, not just PATH. (The
> > behaviour for PATH alone was changed in r965679 for PR 43906.)
> Since SetEnv* are usable from htaccess, don't we open a risky door here?
If we allow control over PATH (which we do already) I am struggling to
imagine how it would be worse to allow control of anything other env
Can you think of a scenario where it would be a problem?