github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 16:06:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fills ARGS variable even on POST

Browse Source
This commit is contained in:
Felipe Zimmerle 2015-07-14 01:31:32 -03:00
parent 9f869a6aab
commit b2954ff223
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/assay.cc
View File

@ -350,6 +350,34 @@ int Assay::addRequestHeader(const unsigned char *key, size_t key_n,
*/ */
int Assay::processRequestBody() { int Assay::processRequestBody() {
debug(4, "Starting phase REQUEST_BODY. (SecRules 2)"); debug(4, "Starting phase REQUEST_BODY. (SecRules 2)");
if (m_requestBody.tellp() > 0) {
/**
* FIXME:
*
* This is configurable by secrules, we should respect whatever
* the secrules said about it.
*
*/
std::string content = m_requestBody.str();
char sep1 = '&';
std::vector<std::string> key_value = split(content, sep1);
for (std::string t : key_value) {
/**
* FIXME:
*
* Mimic modsecurity when there are multiple keys with the same name.
*
*/
char sep2 = '=';
std::vector<std::string> key_value = split(t, sep2);
store_variable("ARGS:" + key_value[0], key_value[1]);
}
}
this->m_rules->evaluate(ModSecurity::RequestBodyPhase, this); this->m_rules->evaluate(ModSecurity::RequestBodyPhase, this);
return 0; return 0;
} }