Add some environment variables to the whitelist in suexec

PR: 51499
Submitted by: Graham Laverty <graham reg ca>, Stefan Fritsch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1146244 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 10 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index c0a4bf6941..8273becd57 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@
 
 Changes with Apache 2.3.14
 
+  *) suexec: Add environment variables CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX,
+     REDIRECT_ERROR_NOTES, REDIRECT_SCRIPT_FILENAME, REQUEST_SCHEME to the
+     whitelist in suexec. PR 51499. [Graham Laverty <graham reg ca>,
+     Stefan Fritsch]
+
   *) mod_rewrite: Fix regexp RewriteCond with NoCase. [Stefan Fritsch]
 
   *) mod_log_debug: New module that allows to log custom messages at various
diff --git a/support/suexec.c b/support/suexec.c
index ae17a77fcc..5d78bcdb85 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -81,6 +81,8 @@ static const char *const safe_env_lst[] =
     "AUTH_TYPE=",
     "CONTENT_LENGTH=",
     "CONTENT_TYPE=",
+    "CONTEXT_DOCUMENT_ROOT=",
+    "CONTEXT_PREFIX=",
     "DATE_GMT=",
     "DATE_LOCAL=",
     "DOCUMENT_NAME=",
@@ -99,13 +101,16 @@ static const char *const safe_env_lst[] =
     "REMOTE_IDENT=",
     "REMOTE_PORT=",
     "REMOTE_USER=",
+    "REDIRECT_ERROR_NOTES=",
     "REDIRECT_HANDLER=",
     "REDIRECT_QUERY_STRING=",
     "REDIRECT_REMOTE_USER=",
+    "REDIRECT_SCRIPT_FILENAME=",
     "REDIRECT_STATUS=",
     "REDIRECT_URL=",
     "REQUEST_METHOD=",
     "REQUEST_URI=",
+    "REQUEST_SCHEME=",
     "SCRIPT_FILENAME=",
     "SCRIPT_NAME=",
     "SCRIPT_URI=",