[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts
Rémi Rampin
report at bugs.python.org
Tue Jul 19 00:14:13 EDT 2016
Rémi Rampin added the comment:
I am willing to work on documentation and tests if there is an interest in the patch.
On Windows, if REQUEST_METHOD is set, it is probably safe to assume that HTTP_* variables come from the web server: setting this variable is not the way we set a proxy there, so ignoring this dubious variable is probably fine.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27568>
_______________________________________
More information about the Python-bugs-list
mailing list