README.md
Rendering markdown...
--- httpd-2.4.66/modules/proxy/mod_proxy_fcgi.c 2026-05-05 14:45:40
+++ httpd-2.4.67/modules/proxy/mod_proxy_fcgi.c 2026-05-05 14:45:40
@@ -1338,9 +1338,15 @@
const char *err;
sei_entry *new;
const char *envvar = arg2;
+ unsigned int flags = 0;
+
+ /* Use restricted ap_expr() parser in htaccess context. */
+ if (cmd->pool == cmd->temp_pool) {
+ flags |= AP_EXPR_FLAG_RESTRICTED;
+ }
new = apr_array_push(dconf->env_fixups);
- new->cond = ap_expr_parse_cmd(cmd, arg1, 0, &err, NULL);
+ new->cond = ap_expr_parse_cmd(cmd, arg1, flags, &err, NULL);
if (err) {
return apr_psprintf(cmd->pool, "Could not parse expression \"%s\": %s",
arg1, err);
@@ -1367,7 +1373,8 @@
arg3 = "";
}
- new->subst = ap_expr_parse_cmd(cmd, arg3, AP_EXPR_FLAG_STRING_RESULT, &err, NULL);
+ flags |= AP_EXPR_FLAG_STRING_RESULT;
+ new->subst = ap_expr_parse_cmd(cmd, arg3, flags, &err, NULL);
if (err) {
return apr_psprintf(cmd->pool, "Could not parse expression \"%s\": %s",
arg3, err);