From 2f55732dbf415c25da9773b8189bbf6ecef021c2 Mon Sep 17 00:00:00 2001
From: Alex Shinn <ashinn@users.noreply.github.com>
Date: Fri, 26 Sep 2014 20:26:07 +0900
Subject: [PATCH] Using safe-setenv for env parameters set in cgi requests.

---
 lib/chibi/net/http-server.scm | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/chibi/net/http-server.scm b/lib/chibi/net/http-server.scm
index ef1bb511..68c1566d 100644
--- a/lib/chibi/net/http-server.scm
+++ b/lib/chibi/net/http-server.scm
@@ -215,12 +215,12 @@
           (duplicate-file-descriptor-to
            (port-fileno (request-in request)) 0)
           (duplicate-file-descriptor-to (port-fileno out) 1)
-          (setenv "HTTP_HOST" (request-host request))
-          (setenv "REQUEST_URI" (uri->string (request-uri request)))
-          (setenv "REQUEST_METHOD"
-                  (symbol->string (request-method request)))
-          (setenv "QUERY_STRING"
-                  (or (uri-query (request-uri request)) ""))
+          (safe-setenv "HTTP_HOST" (request-host request))
+          (safe-setenv "REQUEST_URI" (uri->string (request-uri request)))
+          (safe-setenv "REQUEST_METHOD"
+                       (symbol->string (request-method request)))
+          (safe-setenv "QUERY_STRING"
+                       (or (uri-query (request-uri request)) ""))
           (let ((res (execute local-path (list local-path))))
             (display "failed to execute program: " (current-error-port))
             (write local-path (current-error-port))