
* Some extra security when getting request variables from Apache (19397)

git-svn-id: trunk@17544 -
michael 14 years ago
commit
a7b281b132
1 changed files with 22 additions and 13 deletions
  1. 22 13
      packages/fcl-web/src/base/fpapache.pp

+ 22 - 13
packages/fcl-web/src/base/fpapache.pp

@@ -446,6 +446,13 @@ end;
 
 function TApacheRequest.GetFieldValue(Index: Integer): String;
 
+  Function MaybeP(P : Pchar) : String;
+  
+  begin
+    If (P<>Nil) then
+      Result:=StrPas(P);
+  end;
+
 var
   P : Pchar;
   FN : String;
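Review bot: `MaybeP` assigns `Result` only when `P<>Nil`, so for a Nil pointer the function result is left unassigned; Free Pascal does not guarantee that a string result is cleared on entry, so the caller may receive stale or undefined content instead of an empty string. Starting the body with `Result:='';` (or adding `else Result:='';`) makes every Nil field read through the `MaybeP` calls in the second hunk yield ''. A one-line comment such as `// Convert a possibly-Nil PChar from the Apache request record to a string` would also record why the helper exists. The body of GetFieldValue continues outside this hunk.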
@@ -462,30 +469,32 @@ begin
     end;
   if (Result='') then
     case Index of
-      0  : Result:=strpas(FRequest^.protocol); // ProtocolVersion
-      7  : Result:=Strpas(FRequest^.content_encoding); //ContentEncoding
-      25 : Result:=StrPas(FRequest^.path_info); // PathInfo
-      26 : Result:=StrPas(FRequest^.filename); // PathTranslated
+      0  : Result:=MaybeP(FRequest^.protocol); // ProtocolVersion
+      7  : Result:=MaybeP(FRequest^.content_encoding); //ContentEncoding
+      25 : Result:=MaybeP(FRequest^.path_info); // PathInfo
+      26 : Result:=MaybeP(FRequest^.filename); // PathTranslated
       27 : // RemoteAddr
            If (FRequest^.Connection<>Nil) then
-             Result:=StrPas(FRequest^.Connection^.remote_ip);
+             Result:=MaybeP(FRequest^.Connection^.remote_ip);
       28 : // RemoteHost
            If (FRequest^.Connection<>Nil) then
-             Result:=StrPas(ap_get_remote_host(FRequest^.Connection,
-                                FRequest^.Per_Dir_Config,
-                                REMOTE_HOST,Nil));
+             begin
+             Result:=MaybeP(ap_get_remote_host(FRequest^.Connection,
+                                   FRequest^.Per_Dir_Config,
+                                   REMOTE_HOST,Nil));
+             end;                   
       29 : begin // ScriptName
-           Result:=StrPas(FRequest^.unparsed_uri);
+           Result:=MaybeP(FRequest^.unparsed_uri);
            I:=Pos('?',Result)-1;
            If (I=-1) then
              I:=Length(Result);
            Result:=Copy(Result,1,I-Length(PathInfo));
            end;
       30 : Result:=IntToStr(ap_get_server_port(FRequest)); // ServerPort
-      31 : Result:=StrPas(FRequest^.method); // Method
-      32 : Result:=StrPas(FRequest^.unparsed_uri); // URL
-      33 : Result:=StrPas(FRequest^.args); // Query
-      34 : Result:=StrPas(FRequest^.HostName); // Host
+      31 : Result:=MaybeP(FRequest^.method); // Method
+      32 : Result:=MaybeP(FRequest^.unparsed_uri); // URL
+      33 : Result:=MaybeP(FRequest^.args); // Query
+      34 : Result:=MaybeP(FRequest^.HostName); // Host
     else
       Result:=inherited GetFieldValue(Index);
     end;
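Review bot: The `begin`/`end` added around the single assignment under index 28 has no effect, and its `end;` line carries trailing whitespace; the plain one-statement form used for index 27 would be consistent. The line worth adding there is the reason for the guard: as far as I know `ap_get_remote_host` with `REMOTE_HOST` returns Nil when no hostname was resolved, so a comment like `// Nil when no hostname lookup result is available` would help the next reader. Host, URL, Query and RemoteHost also remain client- or DNS-influenced values after this change; the guard avoids a Nil dereference and does not validate them. The function body starts before and ends after this hunk.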