From 2514105ae419b65e9f1011f00eca3baef4fc7911 Mon Sep 17 00:00:00 2001
From: Daniel Gruno <humbedooh@apache.org>
Date: Thu, 27 Mar 2014 10:58:35 +0000
Subject: [PATCH] mod_lua: escape key/value pairs when setting cookies to
 prevent header splitting with tainted cookies.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582253 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/lua/lua_request.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
index 652ba4013d..83ecd88cff 100644
--- a/modules/lua/lua_request.c
+++ b/modules/lua/lua_request.c
@@ -2057,6 +2057,10 @@ static int lua_set_cookie(lua_State *L)
         strdomain = apr_psprintf(r->pool, "Domain=%s;", domain);
     }
     
+    /* URL-encode key/value */
+    value = ap_escape_urlencoded(r->pool, value);
+    key = ap_escape_urlencoded(r->pool, key);
+    
     /* Create the header */
     out = apr_psprintf(r->pool, "%s=%s; %s %s %s %s %s", key, value, 
             secure ? "Secure;" : "", 
-- 
2.40.0