From 53fc7e8928ab98f2290e65fc0e61a577c8725d9f Mon Sep 17 00:00:00 2001
From: Stefan
Date: Sun, 21 Feb 2010 13:02:30 +0100
Subject: Added the line ending characters 0x0a and 0x0d to the
 server.encode/server.strip protection

---
 Changelog | 3 ++-
 ifilter.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Changelog b/Changelog
index b6d2798..24208c6 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,7 @@
 2010-xx-xx - 0.9.30-dev
 
-    - ...
+    - Added line ending characters %0a and %0d to the list of dangerous characters handled
+      by suhosin.server.encode and suhosin.server.strip
 
 2009-08-15 - 0.9.29
 
diff --git a/ifilter.c b/ifilter.c
index 38f97a5..d635ba3 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -118,7 +118,7 @@ void normalize_varname(char *varname)
 static unsigned char suhosin_hexchars[] = "0123456789ABCDEF";
 
 static const char suhosin_is_dangerous_char[256] = {
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0,
-- 
cgit v1.3