From b2954ff223fcd239beefba16f8696cbe5e4bfcd1 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Tue, 14 Jul 2015 01:31:32 -0300
Subject: [PATCH] Fills ARGS variable even on POST

---
 src/assay.cc | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/src/assay.cc b/src/assay.cc
index 53a31d42..8c8ca566 100644
--- a/src/assay.cc
+++ b/src/assay.cc
@@ -350,6 +350,34 @@ int Assay::addRequestHeader(const unsigned char *key, size_t key_n,
  */
 int Assay::processRequestBody() {
     debug(4, "Starting phase REQUEST_BODY. (SecRules 2)");
+
+    if (m_requestBody.tellp() > 0) {
+        /**
+         * FIXME:
+         *
+         * This is configurable by secrules, we should respect whatever
+         * the secrules said about it.
+         *
+         */
+        std::string content = m_requestBody.str();
+        char sep1 = '&';
+
+        std::vector<std::string> key_value = split(content, sep1);
+
+        for (std::string t : key_value) {
+            /**
+             * FIXME:
+             *
+             * Mimic modsecurity when there are multiple keys with the same name.
+             *
+             */
+            char sep2 = '=';
+
+            std::vector<std::string> key_value = split(t, sep2);
+            store_variable("ARGS:" + key_value[0], key_value[1]);
+        }
+    }
+
     this->m_rules->evaluate(ModSecurity::RequestBodyPhase, this);
     return 0;
 }