| 123456789101112131415161718 |
- Security Fix (CVE-2007-1349)
- Fix unescaped variable interpolation in regular expression
- http://svn.apache.org/viewvc?view=rev&revision=521582
- http://secunia.com/advisories/24678/
- Index: lib/Apache/PerlRun.pm
- --- lib/Apache/PerlRun.pm.orig 2003-03-08 05:11:09 +0100
- +++ lib/Apache/PerlRun.pm 2007-03-29 16:23:47 +0200
- @@ -168,7 +168,7 @@
- $uri) if $Debug && $Debug & 4;
-
- my $path_info = $r->path_info;
- - my $script_name = $path_info && $uri =~ /$path_info$/ ?
- + my $script_name = $path_info && $uri =~ /\Q$path_info\E$/ ?
- substr($uri, 0, length($uri)-length($path_info)) :
- $uri;
-
|
