--- parser3/src/classes/file.C 2002/06/11 14:14:15 1.83
+++ parser3/src/classes/file.C 2002/06/18 14:22:45 1.87
@@ -4,7 +4,7 @@
 Copyright (c) 2001, 2002 ArtLebedev Group (http://www.artlebedev.com)
 Author: Alexandr Petrosian (http://paf.design.ru)
- $Id: file.C,v 1.83 2002/06/11 14:14:15 paf Exp $
+ $Id: file.C,v 1.87 2002/06/18 14:22:45 paf Exp $
 */
 #include "pa_config_includes.h"
@@ -190,20 +190,23 @@ static void _stat(Request& r, const Stri
 }
 static bool is_safe_env_key(const char *key) {
- if(strncmp(key, "HTTP_", 5)==0)
+ if(strnicmp(key, "HTTP_", 5)==0)
 return true;
- if(strncmp(key, "CGI_", 4)==0)
+ if(strncasecmp(key, "CGI_", 4)==0)
 return true;
 for(int i=0; suexec_safe_env_lst[i]; i++) {
- if(strncmp(key, suexec_safe_env_lst[i], strlen(suexec_safe_env_lst[i]))==0)
+ if(strcasecmp(key, suexec_safe_env_lst[i])==0)
 return true;
 }
 return false;
 }
 static void append_env_pair(const Hash::Key& key, Hash::Val *value, void *info) {
 Hash& hash=*static_cast(info);
- if(is_safe_env_key(key.cstr()))
- hash.put(key, &static_cast(value)->as_string());
+ if(!is_safe_env_key(key.cstr()))
+ throw Exception("parser.runtime",
+ &key,
+ "not safe environment variable");
+ hash.put(key, &static_cast(value)->as_string());
 }
 static void pass_cgi_header_attribute(Array::Item *value, void *info) {
 String& string=*static_cast(value);
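Review bot: Case-insensitive prefix matching in `is_safe_env_key` widens the allow-list wherever environment names are case-sensitive: with `strnicmp(key, "HTTP_", 5)` a caller-supplied key such as lowercase `http_proxy` now passes the check and is put into the hash by `append_env_pair`, presumably ending up in the environment of the executed program, where many HTTP client libraries treat that name as a proxy setting. If the case folding is only needed for platforms with case-insensitive environments, I would keep the prefix tests case-sensitive elsewhere (`if(strncmp(key, "HTTP_", 5)==0)`) or reject proxy-style names explicitly before the prefix tests. The two prefix checks also call different functions, `strnicmp` and `strncasecmp`; unless a configuration header outside this hunk maps one onto the other, one of them will be undeclared on a given platform, so a single name should be used for both. The exact `strcasecmp` match against `suexec_safe_env_lst` (defined outside the hunk) and the exception instead of a silent skip both tighten the check; a short comment above `is_safe_env_key` stating where the keys come from and why only these names may pass would record that intent.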