[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts
Martin Panter
report at bugs.python.org
Mon Jul 18 21:22:00 EDT 2016
Martin Panter added the comment:
I suspect this won’t help on OSes like Windows where environment variable names are case-insensitive (correct me if I am wrong).
Regardless, it may be worth making the change. It would be nice to also add test case(s). And I wonder if it would be appropriate to add a notice to the documentation saying that uppercase HTTP_PROXY is ignored if REQUEST_METHOD exists.
----------
nosy: +martin.panter
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27568>
_______________________________________
More information about the Python-bugs-list
mailing list