Posted to cvs@httpd.apache.org by fi...@hyperreal.org on 2000/02/08 01:34:47 UTC

cvs commit: apache-1.3/src/modules/proxy proxy_util.c

fielding    00/02/07 16:34:44

  Modified:    src/main http_protocol.c
               src/modules/proxy proxy_util.c
  Log:
  Fix a few more cases where we were not properly html_escaping text
  for error-notes that came from the untrusted client request.
  
  Revision  Changes    Path
  1.288     +2 -2      apache-1.3/src/main/http_protocol.c
  
  Index: http_protocol.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
  retrieving revision 1.287
  retrieving revision 1.288
  diff -u -r1.287 -r1.288
  --- http_protocol.c	2000/02/02 20:43:50	1.287
  +++ http_protocol.c	2000/02/08 00:34:36	1.288
  @@ -958,7 +958,7 @@
               r->status = HTTP_BAD_REQUEST;
               ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool,
                   "Size of a request header field exceeds server limit.<P>\n"
  -                "<PRE>\n", field, "</PRE>\n", NULL));
  +                "<PRE>\n", ap_escape_html(r->pool, field), "</PRE>\n", NULL));
               return;
           }
           copy = ap_palloc(r->pool, len + 1);
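Review bot: The escaped `field` on the new line is the raw client header line, and nothing in the hunk records why the escape is there, so a later edit of this message could easily drop it; a comment such as `/* field is client-supplied and is echoed into the HTML error body; keep it escaped */` above the `ap_table_setn` would pin that down. The same applies to the `copy` argument in the following hunk at -968,7, which reflects the colon-less header line in the same way. Note that escaping can expand each `&`, `<` or `>` into a multi-character entity, so the note may end up a few times longer than the configured field-size limit; that is only a pool allocation here, but worth knowing if the limit is ever raised. The enclosing function starts before this hunk and continues past it.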
  @@ -968,7 +968,7 @@
               r->status = HTTP_BAD_REQUEST;       /* or abort the bad request */
               ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool,
                   "Request header field is missing colon separator.<P>\n"
  -                "<PRE>\n", copy, "</PRE>\n", NULL));
  +                "<PRE>\n", ap_escape_html(r->pool, copy), "</PRE>\n", NULL));
               return;
           }
   
  
  
  
  1.85      +3 -2      apache-1.3/src/modules/proxy/proxy_util.c
  
  Index: proxy_util.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v
  retrieving revision 1.84
  retrieving revision 1.85
  diff -u -r1.84 -r1.85
  --- proxy_util.c	2000/02/02 20:43:57	1.84
  +++ proxy_util.c	2000/02/08 00:34:40	1.85
  @@ -845,13 +845,14 @@
   		  ap_pstrcat(r->pool, 
   			     "The proxy server could not handle the request "
   			     "<EM><A HREF=\"", ap_escape_uri(r->pool, r->uri),
  -			     "\">", r->method, "&nbsp;", 
  +			     "\">", ap_escape_html(r->pool, r->method),
  +			     "&nbsp;", 
   			     ap_escape_html(r->pool, r->uri), "</A></EM>.<P>\n"
   			     "Reason: <STRONG>",
   			     ap_escape_html(r->pool, message), 
   			     "</STRONG>", NULL));
   
  -    /* Allow the "error-notes" string to be printed by ap_send_error_response() */
  +    /* Allow "error-notes" string to be printed by ap_send_error_response() */
       ap_table_setn(r->notes, "verbose-error-to", ap_pstrdup(r->pool, "*"));
   
       r->status_line = ap_psprintf(r->pool, "%3.3u Proxy Error", statuscode);
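Review bot: The `HREF` attribute two lines above the changed line still takes `ap_escape_uri(r->pool, r->uri)`, and as far as I recall that only percent-encodes characters outside the path-safe set without constraining the scheme, so the link target in the error page is whatever URI the client asked the proxy for. Since the anchor text already shows the escaped URI, the link adds little; consider dropping the anchor, e.g. `"<EM>", ap_escape_html(r->pool, r->method), "&nbsp;",` followed by `ap_escape_html(r->pool, r->uri), "</EM>.<P>\n"`, or emitting it only when the URI parses as a scheme the proxy actually serves. `message` is escaped on the line after, which is consistent with the new treatment of `r->method`. The enclosing function starts before this hunk and ends after it, and `statuscode` is declared outside the hunk, so check that its type matches the `%3.3u` conversion on the last line.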