Bug 42847

Summary: mod_info outputs invalid XHTML 1.0 Transitional
Product: Apache httpd-2 Reporter: Takashi Sato <takashi.asfbugzilla>
Component: mod_infoAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal Keywords: RFC
Priority: P3    
Version: 2.5-HEAD   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Patch for mod_info to ap_escape_html cmd->errmsg

Description Takashi Sato 2007-07-10 08:51:10 UTC
Comment 1 Takashi Sato 2007-07-10 08:56:19 UTC 
If a server loaded mod_authz_core, mod_info outputs a invalid XHTML 1.0 
transitional.
mod_authz_core.c line 564-568 contains <Directory> and <Location> .
Comment 2 Vincent Bray 2007-07-22 00:57:56 UTC 
Created attachment 20533 [details]
Patch for mod_info to ap_escape_html cmd->errmsg

Patch attached and tested. A cursory grep of other modules doesn't reveal any
areas where output might be double escaped. Thanks to Rici Lake for writing it
:-)
Comment 3 Jim Jagielski 2007-08-03 08:27:01 UTC 
In trunk. Possible backport to 2.2.x
Comment 4 Ruediger Pluem 2007-09-02 03:00:53 UTC 
Proposed for backport as r571936 (http://svn.apache.org/viewvc?rev=571936&view=rev).
Comment 5 Ruediger Pluem 2007-09-04 07:43:37 UTC 
Backported to 2.2.x as r572632 (http://svn.apache.org/viewvc?rev=572632&view=rev).