ASF Bugzilla – Attachment 21220 Details for
Bug 44014
Fix XSS in error page #413
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix the XSS
apache-svn-v2.patch (text/plain), 1.11 KB, created by
Victor Stinner
on 2007-12-03 06:50:59 UTC
(
hide
)
Description:
Fix the XSS
Filename:
MIME Type:
Creator:
Victor Stinner
Created:
2007-12-03 06:50:59 UTC
Size:
1.11 KB
patch
obsolete
>Index: modules/http/http_protocol.c >=================================================================== >--- modules/http/http_protocol.c (révision 600534) >+++ modules/http/http_protocol.c (copie de travail) >@@ -931,7 +931,7 @@ > case HTTP_LENGTH_REQUIRED: > s1 = apr_pstrcat(p, > "<p>A request of the requested method ", >- r->method, >+ ap_escape_html(r->pool, r->method), > " requires a valid Content-length.<br />\n", > NULL); > return(add_optional_notes(r, s1, "error-notes", "</p>\n")); >@@ -978,7 +978,7 @@ > "The requested resource<br />", > ap_escape_html(r->pool, r->uri), "<br />\n", > "does not allow request data with ", >- r->method, >+ ap_escape_html(r->pool, r->method), > " requests, or the amount of data provided in\n" > "the request exceeds the capacity limit.\n", > NULL));
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 44014
: 21220