From 9b6e2862b6c455afc9d39576641705c5d06671f8 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Sat, 25 Nov 2006 02:28:17 +0000
Subject: [PATCH] haserl: use a different prefix for cookie variables to
 prevent form variable injection from other websites (potential security risk)

SVN-Revision: 5638
---
 .../haserl/patches/100-cookie_prefix.patch    | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 package/haserl/patches/100-cookie_prefix.patch

diff --git a/package/haserl/patches/100-cookie_prefix.patch b/package/haserl/patches/100-cookie_prefix.patch
new file mode 100644
index 0000000000..abd19bcb43
--- /dev/null
+++ b/package/haserl/patches/100-cookie_prefix.patch
@@ -0,0 +1,20 @@
+diff -ur haserl.old/src/haserl.c haserl.dev/src/haserl.c
+--- haserl.old/src/haserl.c	2004-11-10 18:59:35.000000000 +0100
++++ haserl.dev/src/haserl.c	2006-11-25 03:24:31.000000000 +0100
+@@ -74,6 +74,7 @@
+ token_t 	/*@null@*/ *token_list = NULL;
+ 
+ char	global_variable_prefix[] = HASERL_VAR_PREFIX;
++char	cookie_variable_prefix[] = "COOKIE_";
+ int	global_subshell_pipe[4];
+ int	global_subshell_pid;
+ int	global_subshell_died = 0;
+@@ -221,7 +222,7 @@
+ 	while (token) {
+ 		// skip leading spaces 
+ 		while ( token[0] == ' ' ) { token++; }
+-		myputenv(token, global_variable_prefix);
++		myputenv(token, cookie_variable_prefix);
+ 		token=strtok(NULL, ";");
+ 		}
+ 	free (qs);