On 2016-07-18 18:07:22, Richard Hipp wrote:
> On 7/18/16, Martin S. Weber wrote:
> >
> > But it uses the http_proxy environment variable, doesn't it,
> > which a front-end web server might (or, will, according to RFC 3875,)
> > set before invoking fossil as a cgi.
>
> Only shell commands (ex: "fo
On 7/18/16, Martin S. Weber wrote:
>
> But it uses the http_proxy environment variable, doesn't it,
> which a front-end web server might (or, will, according to RFC 3875,)
> set before invoking fossil as a cgi.
Only shell commands (ex: "fossil sync") use the HTTP_PROXY environment
variable, and t
On 2016-07-18 17:27:52, Richard Hipp wrote:
> On 7/18/16, Martin S. Weber wrote:
> > More info e.g. at https://httpoxy.org/
> >
> > suggested fix: "If you’re running PHP or CGI, you should block the Proxy
> > header now."
> >
> > Fossil's suggesting deployment as a CGI
> > Fossil's using http_prox
On 7/18/16, Martin S. Weber wrote:
> More info e.g. at https://httpoxy.org/
>
> suggested fix: "If you’re running PHP or CGI, you should block the Proxy
> header now."
>
> Fossil's suggesting deployment as a CGI
> Fossil's using http_proxy itself (as client)
>
> wondering whether:
> - fossil can b
More info e.g. at https://httpoxy.org/
suggested fix: "If you’re running PHP or CGI, you should block the Proxy header
now."
Fossil's suggesting deployment as a CGI
Fossil's using http_proxy itself (as client)
wondering whether:
- fossil can be convinced to be exploitable by a well crafted prox