Commit 379ea516 authored by Matt Behrens's avatar Matt Behrens

delete Authorization environment variable to prevent leakage of password

when using FastCGI
parent b1d10231
...@@ -415,6 +415,7 @@ class FCGIChannel(asynchat.async_chat): ...@@ -415,6 +415,7 @@ class FCGIChannel(asynchat.async_chat):
# But first, fixup the auth header if using newest mod_fastcgi. # But first, fixup the auth header if using newest mod_fastcgi.
if self.env.has_key('Authorization'): if self.env.has_key('Authorization'):
self.env['HTTP_AUTHORIZATION'] = self.env['Authorization'] self.env['HTTP_AUTHORIZATION'] = self.env['Authorization']
del self.env['Authorization']
self.stdin.seek(0) self.stdin.seek(0)
self.send_response() self.send_response()
......
...@@ -415,6 +415,7 @@ class FCGIChannel(asynchat.async_chat): ...@@ -415,6 +415,7 @@ class FCGIChannel(asynchat.async_chat):
# But first, fixup the auth header if using newest mod_fastcgi. # But first, fixup the auth header if using newest mod_fastcgi.
if self.env.has_key('Authorization'): if self.env.has_key('Authorization'):
self.env['HTTP_AUTHORIZATION'] = self.env['Authorization'] self.env['HTTP_AUTHORIZATION'] = self.env['Authorization']
del self.env['Authorization']
self.stdin.seek(0) self.stdin.seek(0)
self.send_response() self.send_response()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment