[fix] CVE-2019-11043

ljf (zamentur) 2019-10-28 00:34:35 +01:00 committed by GitHub
parent 0c55f38fda
commit 8433de3fe2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -28,6 +28,13 @@ local rex = require "rex_pcre"
-- Just a note for the client to know that he passed through the SSO
ngx.header["X-SSO-WAT"] = "You've just been SSOed"
-- Quick fix for CVE-2019-11043 about php-fpm and nginx
local loweruri = string.lower(ngx.var.uri)
ngx.header["X-SSO-DEBUG"] = loweruri
if string.match(loweruri, "\n") or string.match(loweruri, "\r") then
return ngx.exit(ngx.HTTP_FORBIDDEN)
end
--
-- 1. LOGIN
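Review bot: The `ngx.header["X-SSO-DEBUG"] = loweruri` line looks like leftover debugging. It reflects the request URI into every response, and it runs before the CR/LF check, so a URI the guard is about to reject is first copied into a response header. I would drop that line so the mitigation only inspects the URI and never echoes it. Lowercasing has no effect on `\r` or `\n`, so the test can read the variable directly with one character class: `if string.find(ngx.var.uri, "[\r\n]") then return ngx.exit(ngx.HTTP_FORBIDDEN) end`. The comment could also say that this is a stop-gap until php-fpm is patched and name the condition it blocks, for example `-- Mitigation for CVE-2019-11043: reject URIs containing CR/LF before they reach php-fpm`.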