Blame SOURCES/0001-don-t-echo-query-params-on-invalid-requests-to-redir.patch
From d3973074a984f78af2267006625a11e672574dff Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hzandbelt@pingidentity.com>
Date: Thu, 19 Jan 2017 00:03:37 +0100
Subject: [PATCH 1000/1002] don't echo query params on invalid requests to
redirect URI; closes #212
thanks @LukasReschke; I'm sure there's some OWASP guideline that warns
against this
(cherry picked from commit 612e309bfffd6f9b8ad7cdccda3019fc0865f3b4)
---
src/mod_auth_openidc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
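--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -2493,8 +2493,8 @@ int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c,
 /* something went wrong */
 return oidc_util_html_send_error(r, c->error_template, "Invalid Request",
 apr_psprintf(r->pool,
- "The OpenID Connect callback URL received an invalid request: %s",
- r->args), HTTP_INTERNAL_SERVER_ERROR);
+ "The OpenID Connect callback URL received an invalid request"),
+ HTTP_INTERNAL_SERVER_ERROR);
 }
 
 /*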
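Review bot: With `r->args` gone, the `apr_psprintf(r->pool, ...)` wrapper on the new lines formats a constant with no arguments, so the literal can be passed directly as the description: `"The OpenID Connect callback URL received an invalid request", HTTP_INTERNAL_SERVER_ERROR);`. Dropping the formatter also makes it less likely that request-derived data is interpolated into this error page again by a later edit. Because the condition is triggered by the client, `HTTP_BAD_REQUEST` may describe it better than a 500, which otherwise lets unauthenticated requests inflate server-error metrics; whether that fits depends on how the rest of the module reports callback failures, which is not visible here. If the query string is still needed for troubleshooting, it belongs in the server log rather than the response, bearing in mind it can carry authorization codes or state values. The body of oidc_handle_redirect_uri_request starts outside the hunk.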
--
2.19.2