author Glenn Strauss <gstrauss@gluelogic.com> 2018-05-01 00:20:26 -0400
committer Glenn Strauss <gstrauss@gluelogic.com> 2018-08-12 14:43:22 -0400
commit 3eb7902e10ba75b3f2eb159e244d0d8e5037ccd2 (patch)
tree 3915619c5c0c93733c3f00d670e559ef319c9df7 /.gitignore
parent 6ccccaaa38bdf545dafbd2e31950e756fc6ac775 (diff)
[core] server.http-parseopts URL normalization opt (fixes #1720)
server.http-parseopts = ( ... ) URL normalization options

Note: *not applied* to CONNECT method

Note: In a future release, URL normalization likely enabled by default
  (normalize URL, reject control chars, remove . and .. path segments)
  To prepare for this change, lighttpd.conf configurations should
  explicitly select desired behavior by enabling or disabling:
    server.http-parseopts = ( "url-normalize" => "enable", ... )
    server.http-parseopts = ( "url-normalize" => "disable" )

x-ref:
  "lighttpd ... compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."
  https://www.cvedetails.com/cve/CVE-2008-4359/
  "Rewrite/redirect rules and URL encoding"
  https://redmine.lighttpd.net/issues/1720
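The x-ref in the commit message describes patterns being compared against the URI before URL decoding. As an added example (not lighttpd's code), the following simplified C normalizer performs the three steps the message lists (normalize, reject control chars, remove . and .. segments) so the same rule can be evaluated on the raw and on the normalized path. The helpers `normalize_path` and `denied` and the "/admin" prefix rule are hypothetical, and only the path is handled (no query string).

```c
#include <ctype.h>
#include <string.h>
/* Added illustration: hypothetical helpers, not lighttpd's own code. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Normalize a URL path in place; return 0, or -1 if it must be rejected. */
int normalize_path(char *p) {
    static const char hex[] = "0123456789ABCDEF";
    char *in = p, *out = p;
    if (*p != '/') return -1;
    while (*in) {                        /* pass 1: percent-decoding */
        int c = (unsigned char)*in++;
        if (c == '%') {
            int hi = hexval((unsigned char)in[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[1]);
            if (lo < 0) return -1;       /* malformed escape */
            c = hi * 16 + lo; in += 2;
            if (!isalnum(c) && !(c && strchr("-._~", c))) {
                if (c < 0x20 || c == 0x7f) return -1;  /* encoded control char */
                *out++ = '%'; *out++ = hex[c >> 4]; *out++ = hex[c & 15];
                continue;                /* other chars stay encoded */
            }
        } else if (c < 0x20 || c == 0x7f) return -1;   /* raw control char */
        *out++ = (char)c;
    }
    *out = '\0';
    for (in = out = p; *in; ) {          /* pass 2: "." and ".." segments */
        size_t n = strcspn(in + 1, "/"); /* length of segment after '/' */
        if (n == 2 && in[1] == '.' && in[2] == '.')
            while (out > p && *--out != '/') continue;  /* pop one segment */
        else if (!(n == 1 && in[1] == '.')) { memmove(out, in, n + 1); out += n + 1; }
        in += n + 1;
    }
    if (out == p) *out++ = '/';
    *out = '\0';
    return 0;
}

/* 1 if a constructed "/admin" prefix rule blocks the raw request path. */
int denied(const char *raw, int normalize) {
    char buf[256];
    if (strlen(raw) >= sizeof buf) return 1;
    strcpy(buf, raw);
    if (normalize && normalize_path(buf) != 0) return 1;  /* rejected URL */
    return strncmp(buf, "/admin", 6) == 0;
}
```

With `normalize` set to 0 the rule sees the bytes as sent, so an encoded spelling of the protected prefix is not matched; with 1 every spelling collapses to one canonical path before the comparison.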
Diffstat (limited to '.gitignore')
-rw-r--r-- .gitignore 1
1 files changed, 1 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index fc6317cf..c27120cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,6 +49,7 @@ sconsbuild/
stamp-h1
test_base64
test_buffer
+test_burl
test_configfile
test_request
versionstamp.h
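Review bot: the commit message describes only the server.http-parseopts option and says nothing about the new test binary that the added `test_burl` line ignores; a one-line mention of the test program in the message would make this entry traceable. The pattern itself is unanchored, so it ignores any file or directory named test_burl at every depth of the tree, which is consistent with the neighbouring `test_buffer` and `test_configfile` entries and keeps the list in alphabetical order; if the binary is only ever produced in one directory, a path-anchored pattern would be tighter.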