[patch] Fix the XSS

apache-svn-v2.patch (text/plain), 1.11 KB, created by Victor Stinner on 2007-12-03 06:50:59 UTC

(hide)

Description: Fix the XSS

Filename:

MIME Type:

Creator: Victor Stinner

Created: 2007-12-03 06:50:59 UTC

Size: 1.11 KB

patch

obsolete

>Index: modules/http/http_protocol.c >=================================================================== >--- modules/http/http_protocol.c (révision 600534) >+++ modules/http/http_protocol.c (copie de travail) >@@ -931,7 +931,7 @@ > case HTTP_LENGTH_REQUIRED: > s1 = apr_pstrcat(p, > "<p>A request of the requested method ", >- r->method, >+ ap_escape_html(r->pool, r->method), > " requires a valid Content-length.<br />\n", > NULL); > return(add_optional_notes(r, s1, "error-notes", "</p>\n")); >@@ -978,7 +978,7 @@ > "The requested resource<br />", > ap_escape_html(r->pool, r->uri), "<br />\n", > "does not allow request data with ", >- r->method, >+ ap_escape_html(r->pool, r->method), > " requests, or the amount of data provided in\n" > "the request exceeds the capacity limit.\n", > NULL)); View Attachment As Diff View Attachment As Raw

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]