Apache2.4 does not allow underscores in request header variables anymore

Taken from [1]...

    "Translation of headers to environment variables is more strict
    than before to mitigate some possible cross-site-scripting
    attacks via header injection. Headers containing invalid
    characters (including underscores) are now silently
    dropped."

See also: [2].

A patch can be grabbed from [3].

Mike

[1] https://httpd.apache.org/docs/trunk/new_features_2_4.html [2] https://stackoverflow.com/questions/18185366/header-names-with-underscores-ignored-in-php-5-5-1-apache-2-4-6 [3] http://anonscm.debian.org/cgit/collab-maint/fusiondirectory.git/tree/debian/patches/1002_no-underscores-in-http-request-header-vars.patch?id=8ffd02fb948bc3ca362a5519b8c89a097935973e

(from redmine: issue id 3260, created on 2014-08-08, closed on 2014-08-12)

Custom Fields:
- Bug in version: 1.0.8