delete Authorization environment variable to prevent leakage of password

when using FastCGI

delete Authorization environment variable to prevent leakage of password
when using FastCGI
379ea516 · Matt Behrens · b1d10231 · 379ea516 · 379ea516
Commit 379ea516 authored Aug 14, 2002 by Matt Behrens
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

ZServer/FCGIServer.py ZServer/FCGIServer.py +1 -0

lib/python/ZServer/FCGIServer.py lib/python/ZServer/FCGIServer.py +1 -0

No files found.
--- a/ZServer/FCGIServer.py
+++ b/ZServer/FCGIServer.py
@@ -415,6 +415,7 @@ class FCGIChannel(asynchat.async_chat):
            # But first, fixup the auth header if using newest mod_fastcgi.
            if self.env.has_key('Authorization'):
                self.env['HTTP_AUTHORIZATION'] = self.env['Authorization']
+		del self.env['Authorization']

            self.stdin.seek(0)
            self.send_response()

--- a/lib/python/ZServer/FCGIServer.py
+++ b/lib/python/ZServer/FCGIServer.py
@@ -415,6 +415,7 @@ class FCGIChannel(asynchat.async_chat):
            # But first, fixup the auth header if using newest mod_fastcgi.
            if self.env.has_key('Authorization'):
                self.env['HTTP_AUTHORIZATION'] = self.env['Authorization']
+		del self.env['Authorization']

            self.stdin.seek(0)
            self.send_response()