Roundup Tracker - Issues


Author jerrykan
Recipients antmail, ber, jerrykan
Date 2014-04-14.13:36:29
Message-id <>
Hello Anthony,

At a quick glance it looks like this should work, but I have a question
about the headersToEnviron() function.

I am wondering if there are any security implications as a result of
converting all headers to environment variables? Would it be possible
for a client to craft a request with a custom header that could then
potentially lead to a particular environment variable being set that
could have unintended consequences?

If the headersToEnviron() function is only being used to ensure that the
one header specified by the WEB_UID_VARIABLE is set as an environment
variable, might it be better to convert only that one header to an
environment variable instead of all of them? Or am I missing something
else in the use of the headersToEnviron() function?

Date                 User      Action  Args
2014-04-14 13:36:30  jerrykan  set     messageid: <>
2014-04-14 13:36:30  jerrykan  set     recipients: + jerrykan, ber, antmail
2014-04-14 13:36:30  jerrykan  link    issue2550837 messages
2014-04-14 13:36:29  jerrykan  create
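
The two approaches compared in the message above, as an added example that is not part of the original message or of Roundup's code. The patch's headersToEnviron() is not shown on this page, so `convert_all` is only an assumed stand-in for it; the `HTTP_` naming, the `X-Remote-User` value for WEB_UID_VARIABLE and all helper names are assumptions.

```python
# Added illustration, not Roundup code. convert_all() is an assumed stand-in
# for a "convert every header" helper; all names here are hypothetical.

WEB_UID_VARIABLE = "X-Remote-User"  # constructed sample value for the setting

# Constructed request: the expected header plus two nobody configured.
SAMPLE_HEADERS = [
    ("X-Remote-User", "alice"),
    ("X-Debug-Mode", "1"),
    ("X-Forwarded-Host", "example.invalid"),
]
SAMPLE_ENVIRON = {"REQUEST_METHOD": "GET"}


def env_name(header):
    """CGI-style variable name: 'X-Remote-User' -> 'HTTP_X_REMOTE_USER'."""
    return "HTTP_" + header.upper().replace("-", "_")


def convert_all(headers, environ):
    """Every client-supplied header becomes a variable (the pattern questioned)."""
    out = dict(environ)
    for name, value in headers:
        out[env_name(name)] = value
    return out


def convert_uid_only(headers, environ, uid_header=WEB_UID_VARIABLE):
    """Copy only the configured header; all other client headers are ignored."""
    out = dict(environ)
    target = env_name(uid_header)
    values = [v for n, v in headers if env_name(n) == target]
    # 'X-Remote-User' and 'X_Remote_User' map to the same variable, so more
    # than one match is ambiguous: leave the variable unset instead of guessing.
    if len(values) == 1:
        out[target] = values[0]
    else:
        out.pop(target, None)
    return out


def added_variables(before, after):
    """Names present after conversion that were not in the original environ."""
    return sorted(set(after) - set(before))
```

Running `added_variables` over both results for the same request shows which variable names the client controlled in each case.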