On 2023/06/30 15:29:07 +0200, Omar Polo wrote:
> duh. sorry for the dumb question, it was obvious. Here's a better
> diff.
>
> I've made strictier the syntax checks for IPv6 (after the closing ']'
> there's the optional port but then nothing else) and joined together
> the cases for the host:po
On 2023/06/30 11:14:51 +0200, Florian Obser wrote:
> On 2023-06-30 10:46 +02, Omar Polo wrote:
> > On 2023/06/29 23:43:25 +0200, Omar Polo wrote:
> >> On 2023/06/29 19:55:52 +0200, Florian Obser wrote:
> >> > I'm worried that we pass un-sanitized input through to fcgi.
> >> > Of course we are p
On 2023-06-30 10:46 +02, Omar Polo wrote:
> On 2023/06/29 23:43:25 +0200, Omar Polo wrote:
>> On 2023/06/29 19:55:52 +0200, Florian Obser wrote:
>> > I'm worried that we pass un-sanitized input through to fcgi.
>> > Of course we are passing *a lot* of un-sanitized input through to fcgi,
>> > so
On 2023/06/29 23:43:25 +0200, Omar Polo wrote:
> On 2023/06/29 19:55:52 +0200, Florian Obser wrote:
> > I'm worried that we pass un-sanitized input through to fcgi.
> > Of course we are passing *a lot* of un-sanitized input through to fcgi,
> > so does this matter in the grand scheme of things?
>
On 2023/06/29 19:55:52 +0200, Florian Obser wrote:
> I'm worried that we pass un-sanitized input through to fcgi.
> Of course we are passing *a lot* of un-sanitized input through to fcgi,
> so does this matter in the grand scheme of things?
> But I'd like if server_http_parsehost() enforces syntac
On 2023-06-19 18:27 +02, Omar Polo wrote:
> currently httpd uses the name specified in the config `server' block
> which is not guaranteed to be a valid hostname.
>
> quoting rfc3875:
>
>The SERVER_NAME variable MUST be set to the name of the server host
>to which the client request is dir
currently httpd uses the name specified in the config `server' block
which is not guaranteed to be a valid hostname.
quoting rfc3875:
The SERVER_NAME variable MUST be set to the name of the server host
to which the client request is directed. It is a case-insensitive
hostname or network