Apache2.4 does not allow underscores in request header variables anymore
Taken from [1]...
"Translation of headers to environment variables is more strict
than before to mitigate some possible cross-site-scripting
attacks via header injection. Headers containing invalid
characters (including underscores) are now silently
dropped."
See also: [2].
A patch can be grabbed from [3].
Mike
[1] https://httpd.apache.org/docs/trunk/new_features_2_4.html [2] https://stackoverflow.com/questions/18185366/header-names-with-underscores-ignored-in-php-5-5-1-apache-2-4-6 [3] http://anonscm.debian.org/cgit/collab-maint/fusiondirectory.git/tree/debian/patches/1002_no-underscores-in-http-request-header-vars.patch?id=8ffd02fb948bc3ca362a5519b8c89a097935973e
(from redmine: issue id 3260, created on 2014-08-08, closed on 2014-08-12)
- Custom Fields:
- Bug in version: 1.0.8