nginx: src/http/modules/perl/ngx_http_perl

comparison src/http/modules/perl/ngx_http_perl_module.c @ 7528:0cb693b4cbbb

Perl: disabled unrelated calls from variable handlers. Variable handlers are not expected to send anything to the client, cannot sleep or read body, and are not expected to modify the request. Added appropriate protection to prevent accidental foot shooting.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Fri, 12 Jul 2019 15:35:31 +0300
parents	575480d3fd01
children	d758d04e0790

comparison

equal deleted inserted replaced

-:02cd116ebe2a
+:0cb693b4cbbb
 {
 ngx_http_perl_variable_t *pv = (ngx_http_perl_variable_t *) data;
 ngx_int_t                   rc;
 ngx_str_t                   value;
+ngx_uint_t                  saved;
 ngx_http_perl_ctx_t        *ctx;
 ngx_http_perl_main_conf_t  *pmcf;
 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
 "perl variable handler");
 ngx_http_set_ctx(r, ctx, ngx_http_perl_module);
 ctx->request = r;
 }
+saved = ctx->variable;
+ctx->variable = 1;
 pmcf = ngx_http_get_module_main_conf(r, ngx_http_perl_module);
 value.data = NULL;
 } else {
 v->not_found = 1;
 }
+ctx->variable = saved;
 ctx->filename.data = NULL;
 ctx->redirect_uri.len = 0;
 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
 "perl variable done");

Mercurial > hg > nginx

comparison src/http/modules/perl/ngx_http_perl_module.c @ 7528:0cb693b4cbbb