Re: rfc/patch: user-agent distro-description for debuginfod http traffic

[Florian Weimer]

* Frank Ch. Eigler:

> -  return string(hostname) + string(":") + string(servname);
> +  // extract headers relevant to administration
> +  const char* user_agent = MHD_lookup_connection_value (conn, 
> MHD_HEADER_KIND, "User-Agent") ?: "";
> +  const char* x_forwarded_for = MHD_lookup_connection_value (conn, 
> MHD_HEADER_KIND, "X-Forwarded-For") ?: "";
> +  // NB: these are untrustworthy, beware if machine-processing log files
> +
> +  return string(hostname) + string(":") + string(servname) + string(" UA:") 
> + string(user_agent) + string(" XFF:") + string(x_forwarded_for);
>  }
>  
>  
Should this add quoting to make the field boundaries unforgeable?

Thanks,
Florian

Re: rfc/patch: user-agent distro-description for debuginfod http traffic

[Frank Ch. Eigler]

Hi -

> Should this add quoting to make the field boundaries unforgeable?

I'm thinking of adding a second output stream later on, for machine
consumption, with that info carefully quoted.

- FChE