1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00

Possible HTTP-Splitting vulnerability (#33)

Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
Description: Using variables that can contain "\n" may lead to http injection.
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
Reason: At least variable "$uri" can contain "\n"
This commit is contained in:
Jeremy MANSON 2017-08-23 09:13:56 +02:00 committed by JimboJoe
parent 1a552c32a2
commit 769eedfa00

View file

@ -37,7 +37,7 @@ location ^~ #LOCATION# {
#rewrite ^/.well-known/host-meta.json #PATH#/public.php?service=host-meta-json last;
location #LOCATION# {
rewrite ^ #PATH#/index.php$uri;
rewrite ^ #PATH#/index.php$request_uri;
}
location = #PATH#/robots.txt {