develooper Front page | perl.libwww | Postings from March 2001

libwww-perl-5.51 (with CGI security fix)

Thread Next
From:
Gisle Aas
Date:
March 15, 2001 12:21
Subject:
libwww-perl-5.51 (with CGI security fix)
Message ID:
lrbsr2aims.fsf@caliper.ActiveState.com
Index: lib/LWP/UserAgent.pm
===================================================================
RCS file: /cvsroot/libwww-perl/lwp5/lib/LWP/UserAgent.pm,v
retrieving revision 1.74
retrieving revision 1.77
diff -u -p -u -r1.74 -r1.77
--- lib/LWP/UserAgent.pm	2000/06/01 13:35:15	1.74
+++ lib/LWP/UserAgent.pm	2001/03/14 20:48:19	1.77
@@ -627,12 +627,24 @@ specify proxies like this (sh-syntax):
 Csh or tcsh users should use the C<setenv> command to define these
 environment variables.
 
+On systems with case-insensitive environment variables there exists a
+name clash between the CGI environment variables and the C<HTTP_PROXY>
+environment variable normally picked up by env_proxy().  Because of
+this C<HTTP_PROXY> is not honored for CGI scripts.  The
+C<CGI_HTTP_PROXY> environment variable can be used instead.
+
 =cut
 
 sub env_proxy {
     my ($self) = @_;
     my($k,$v);
     while(($k, $v) = each %ENV) {
+	if ($ENV{REQUEST_METHOD}) {
+	    # Need to be careful when called in the CGI environment, as
+	    # the HTTP_PROXY variable is under control of that other guy.
+	    next if $k =~ /^HTTP_/;
+	    $k = "HTTP_PROXY" if $k eq "CGI_HTTP_PROXY";
+	}
 	$k = lc($k);
 	next unless $k =~ /^(.*)_proxy$/;
 	$k = $1;

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About