Skip to content
Commit 16d57e77 authored by Jim Jagielski's avatar Jim Jagielski
Browse files

Merge r661666 from trunk:

Prevent CSRF attacks against the balancer-manager (CVE-2007-6420)

* modules/proxy/mod_proxy_balancer.c (balancer_init): New function.
  (balancer_handler): Place a nonce in the form output, and check that
  the submitted form data includes that nonce.
  (ap_proxy_balancer_register_hook): Register the new post_config hook.

Submitted by: jorton
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@663514 13f79535-47bb-0310-9956-ffa450edef68
parent cceda44d
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment