* Frank Ch. Eigler:
> - return string(hostname) + string(":") + string(servname);
> + // extract headers relevant to administration
> + const char* user_agent = MHD_lookup_connection_value (conn,
> MHD_HEADER_KIND, "User-Agent") ?: "";
> + const char* x_forwarded_for = MHD_lookup_connection_value (conn,
> MHD_HEADER_KIND, "X-Forwarded-For") ?: "";
> + // NB: these are untrustworthy, beware if machine-processing log files
> +
> + return string(hostname) + string(":") + string(servname) + string(" UA:")
> + string(user_agent) + string(" XFF:") + string(x_forwarded_for);
> }
>
>
Should this add quoting to make the field boundaries unforgeable?
Thanks,
Florian
