[Zope-Checkins] CVS: Zope/ZServer - FCGIServer.py:1.13.16.3

Matt Behrens matt@zigg.com
Wed, 14 Aug 2002 11:30:19 -0400


Update of /cvs-repository/Zope/ZServer
In directory cvs.zope.org:/tmp/cvs-serv5021

Modified Files:
      Tag: Zope-2_5-branch
	FCGIServer.py 
Log Message:
delete Authorization environment variable to prevent leakage of password
when using FastCGI


=== Zope/ZServer/FCGIServer.py 1.13.16.2 => 1.13.16.3 ===
--- Zope/ZServer/FCGIServer.py:1.13.16.2	Mon Apr 15 16:55:11 2002
+++ Zope/ZServer/FCGIServer.py	Wed Aug 14 11:30:18 2002
@@ -415,6 +415,7 @@
             # But first, fixup the auth header if using newest mod_fastcgi.
             if self.env.has_key('Authorization'):
                 self.env['HTTP_AUTHORIZATION'] = self.env['Authorization']
+                del self.env['Authorization']
 
             self.stdin.seek(0)
             self.send_response()
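Review bot: the added `del self.env['Authorization']` carries no comment saying why the key is dropped, and the existing comment above it only describes the mod_fastcgi fixup. A later cleanup could remove the line as redundant. A short comment stating that the raw key is deleted so the credentials do not remain in the environment under a second name would make the intent durable. Two related points on the same block: the value is still present in `self.env['HTTP_AUTHORIZATION']` after this change, so it is worth confirming that whatever exposed `Authorization` treats `HTTP_AUTHORIZATION` as sensitive, which this hunk does not show. Also, the assignment overwrites any `HTTP_AUTHORIZATION` already in `self.env` without checking, and the `has_key` test matches only the exact spelling `Authorization`, so a differently cased key would neither be copied nor deleted.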