[Zope-Checkins] CVS: Zope/ZServer - FCGIServer.py:1.13.16.3
Matt Behrens
matt@zigg.com
Wed, 14 Aug 2002 11:30:19 -0400
Update of /cvs-repository/Zope/ZServer
In directory cvs.zope.org:/tmp/cvs-serv5021
Modified Files:
Tag: Zope-2_5-branch
FCGIServer.py
Log Message:
delete Authorization environment variable to prevent leakage of password
when using FastCGI
=== Zope/ZServer/FCGIServer.py 1.13.16.2 => 1.13.16.3 ===
--- Zope/ZServer/FCGIServer.py:1.13.16.2 Mon Apr 15 16:55:11 2002
+++ Zope/ZServer/FCGIServer.py Wed Aug 14 11:30:18 2002
@@ -415,6 +415,7 @@
# But first, fixup the auth header if using newest mod_fastcgi.
if self.env.has_key('Authorization'):
self.env['HTTP_AUTHORIZATION'] = self.env['Authorization']
+ del self.env['Authorization']
self.stdin.seek(0)
self.send_response()