Add protection against injection attacks (like XSS/SQL/other) through HTTP User-Agent String

author: Stefan Esser 2014-06-09 09:03:03 +0200
committer: Stefan Esser 2014-06-09 09:03:03 +0200
commit: 134a88c1da096f787a560c43534f07b74867b9cb (patch)
tree: ab925ecba15c137a3b916ac65964d9b1c32f513a /ifilter.c
parent: cd70620d20aef7fa5b89065c39708186f0b590c4 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ifilter.c b/ifilter.c
index d73106b..cd02869 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -249,6 +249,7 @@ void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC)
                suhosin_server_strip(svars, "PHP_SELF", sizeof("PHP_SELF"));
                suhosin_server_strip(svars, "PATH_INFO", sizeof("PATH_INFO"));
                suhosin_server_strip(svars, "PATH_TRANSLATED", sizeof("PATH_TRANSLATED"));
+                suhosin_server_strip(svars, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"));
        }
 }
 /* }}} */
author	Stefan Esser	2014-06-09 09:03:03 +0200
committer	Stefan Esser	2014-06-09 09:03:03 +0200
commit	134a88c1da096f787a560c43534f07b74867b9cb (patch)
tree	ab925ecba15c137a3b916ac65964d9b1c32f513a /ifilter.c
parent	cd70620d20aef7fa5b89065c39708186f0b590c4 (diff)

diff --git a/ifilter.c b/ifilter.c index d73106b..cd02869 100644 --- a/ifilter.c +++ b/ifilter.c
@@ -249,6 +249,7 @@ void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC)
249	suhosin_server_strip(svars, "PHP_SELF", sizeof("PHP_SELF"));	249	suhosin_server_strip(svars, "PHP_SELF", sizeof("PHP_SELF"));
250	suhosin_server_strip(svars, "PATH_INFO", sizeof("PATH_INFO"));	250	suhosin_server_strip(svars, "PATH_INFO", sizeof("PATH_INFO"));
251	suhosin_server_strip(svars, "PATH_TRANSLATED", sizeof("PATH_TRANSLATED"));	251	suhosin_server_strip(svars, "PATH_TRANSLATED", sizeof("PATH_TRANSLATED"));
		252	suhosin_server_strip(svars, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"));
252	}	253	}
253	}	254	}
254	/* }}} */	255	/* }}} */