author | Nick Kew <niq@apache.org> | 2017-04-21 10:44:06 +0200 |
---|---|---|
committer | Nick Kew <niq@apache.org> | 2017-04-21 10:44:06 +0200 |
commit | 38e269322b2e88d8c52f9aeb1db01ffbcecdcd13 (patch) | |
tree | bd264d60ee544ccbc907f973cfd09ce72565b8d9 /include/httpd.h | |
parent | Add missing documentation for secret. (diff) | |
Introduce request taint-checking concept.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792169 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'include/httpd.h')
-rw-r--r-- | include/httpd.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/include/httpd.h b/include/httpd.h
index ebb2a15b4c..1a33466aeb 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1074,6 +1074,11 @@ struct request_rec {
 * TODO: 2 bit signed bitfield when this structure is compacted
 */
 int double_reverse;
+ /** Mark the request as potentially tainted. This might become a
+ * bitfield if we identify different taints to be flagged.
+ * Always use ap_request_tainted() to check taint.
+ */
+ int taint;
 };
 
 /**
@@ -2153,6 +2158,17 @@ AP_DECLARE(apr_status_t) ap_timeout_parameter_parse(
 */
 AP_DECLARE(int) ap_request_has_body(request_rec *r);
 
+/** Request taint flags. Only .htaccess defined. */
+#define AP_TAINT_HTACCESS 0x1
+/**
+ * Check whether a request is tainted by potentially-untrusted sources.
+ *
+ * @param r the request
+ * @param flags Taint flags to check
+ * @return truth value
+ */
+AP_DECLARE(int) ap_request_tainted(request_rec *r, int flags);
+
 /**
 * Cleanup a string (mainly to be filesystem safe)
 * We only allow '_' and alphanumeric chars. Non-printable |
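Review bot: The comment on the new `taint` member of `request_rec` does not say what values it holds or which code is expected to write it, and because zero reads as "not tainted", any path that builds or copies a `request_rec` without carrying the field over fails open. I would state that in the comment, e.g. `/** Bitwise OR of AP_TAINT_* flags recorded for this request. Zero means no taint was recorded, not that the request is trusted. */`, and also say whether the value may ever be cleared. As the member is meant to hold flag bits, `unsigned int taint;` would be the safer declaration. The struct definition starts outside this hunk; appending to a public struct presumably also needs a module magic number bump, which this single-file view does not show.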
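Review bot: `@return truth value` on `ap_request_tainted()` leaves open whether a multi-bit `flags` argument matches when any or when all of the requested bits are set, which becomes ambiguous as soon as a second `AP_TAINT_*` value exists. The doc block should also say whether the check looks only at `r` or also at the requests it was derived from (subrequests, internal redirects), since callers gating a sensitive action on the result need to know; the implementation is not part of this diff, so the wording has to follow what it really does. A possible form is `@return non-zero if any bit in flags is set for the request, zero otherwise`. `AP_TAINT_HTACCESS` would read better with its own description, e.g. `/** Request was affected by directives read from a .htaccess file. */`, separated from the function's doc comment by a blank line.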