github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Additional adjustment to Cookie header parsing

Browse Source
This commit is contained in:
martinhsv 2019-11-20 13:39:17 -08:00 committed by Felipe Zimmerle
parent 6395fe07ce
commit ea7cacf289
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.0.4 - YYYY-MMM-DD (to be released)
-------------------------------------
- Additional adjustment to Cookie header parsing
[@martinhsv]
- Restore chained rule part H logging to be more like 2.9 behaviour
[Issue #2196 - @martinhsv]
- Small fixes in log messages to help debugging the file upload

6
src/transaction.cc
View File

@ -552,9 +552,9 @@ int Transaction::addRequestHeader(const std::string& key,
std::vector<std::string> cookies = utils::string::ssplit(value, ';');
// Get rid of any optional whitespace after the cookie-string
// (i.e. after the end of the final cookie-pair)
if (!cookies.empty()) {
// Get rid of any optional whitespace after the cookie-string
// (i.e. after the end of the final cookie-pair)
std::string& final_cookie_pair = cookies.back();
while (!final_cookie_pair.empty() && isspace(final_cookie_pair.back())) {
final_cookie_pair.pop_back();
@ -586,7 +586,7 @@ int Transaction::addRequestHeader(const std::string& key,
}
// ltrim the key - following the modsec v2 way
while (ckey.empty() == false && ckey.at(0) == ' ') {
while (ckey.empty() == false && isspace(ckey.at(0))) {
ckey.erase(0, 1);
localOffset++;
}