version 4.8, 2019/11/09 09:41:07 |
version 4.10, 2019/11/09 10:18:09 |
Line 358 if (defined($ENV{QUERY_STRING})) { |
|
Line 358 if (defined($ENV{QUERY_STRING})) { |
|
$p =~ y/+/ /; |
$p =~ y/+/ /; |
my ($key, $val) = split(/=/, $p, 2); |
my ($key, $val) = split(/=/, $p, 2); |
next unless defined($key); |
next unless defined($key); |
$val = 1 unless defined($val); |
$key = uri_unescape($key); |
($key = uri_unescape($key)) =~ /[[:graph:]]/ or next; |
$key =~ /([^a-z_12-])/ and fatal('404 Not Found', |
($val = uri_unescape($val)) =~ /[[:graph:]]/ or next; |
'Invalid character "%s" in query parameter "%s"', $1, $key); |
|
if (defined $val) { |
|
$val = uri_unescape($val); |
|
$val =~ /([^a-zA-Z_01-9.\/-])/ and fatal('404 Not Found', |
|
'Invalid character "%s" in the value "%s" of the query parameter "%s"', |
|
$1, $value, $key); |
|
} else { |
|
$val = 1; |
|
} |
$query{$key} = $val; |
$query{$key} = $val; |
} |
} |
} |
} |
Line 4234 sub http_header(;$$) |
|
Line 4242 sub http_header(;$$) |
|
push(@headers, 'Last-Modified: ' . scalar gmtime($moddate) . ' GMT') |
push(@headers, 'Last-Modified: ' . scalar gmtime($moddate) . ' GMT') |
if $moddate; |
if $moddate; |
push(@headers, 'Content-Type: ' . $content_type); |
push(@headers, 'Content-Type: ' . $content_type); |
|
push(@headers, "Content-Security-Policy: default-src 'none'; " . |
|
"img-src 'self'; style-src 'unsafe-inline'"); |
|
|
if ($allow_compress && $maycompress) { |
if ($allow_compress && $maycompress) { |
if (HAS_ZLIB |
if (HAS_ZLIB |