Commit9b90d86

authored and

Felipe Zimmerle

committed

Add capture action to @detectXSS operator

1 parent185ec6f commit9b90d86Copy full SHA for 9b90d86

File tree

-1

lines changed

-1

lines changed

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2158,12 +2158,14 @@ static int msre_op_detectSQLi_execute(modsec_rec msr, msre_rule rule, msre_var`
`2158`	`2158`	`*/`
`2159`	`2159`	`staticintmsre_op_detectXSS_execute(modsec_recmsr,msre_rulerule,msre_var*var,`
`2160`	`2160`	`char**error_msg) {`
`2161`		`-`
	`2161`	`+intcapture;`
`2162`	`2162`	`intis_xss;`
`2163`	`2163`
`2164`	`2164`	`is_xss=libinjection_xss(var->value,var->value_len);`
	`2165`	`+capture=apr_table_get(rule->actionset->actions,"capture") ?1 :0;`
`2165`	`2166`
`2166`	`2167`	`if (is_xss) {`
	`2168`	`+set_match_to_tx(msr,capture,var->value,0);`
`2167`	`2169`	`*error_msg=apr_psprintf(msr->mp,"detected XSS using libinjection.");`
`2168`	`2170`
`2169`	`2171`	`if (msr->txcfg->debuglog_level >=9) {`

Comments

(0)