Posted to cvs@httpd.apache.org by fi...@hyperreal.org on 2000/02/08 01:34:47 UTC
cvs commit: apache-1.3/src/modules/proxy proxy_util.c
fielding 00/02/07 16:34:44
Modified: src/main http_protocol.c
src/modules/proxy proxy_util.c
Log:
Fix a few more cases where we were not properly html_escaping text
for error-notes that came from the untrusted client request.
Revision Changes Path
1.288 +2 -2 apache-1.3/src/main/http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.287
retrieving revision 1.288
diff -u -r1.287 -r1.288
--- http_protocol.c 2000/02/02 20:43:50 1.287
+++ http_protocol.c 2000/02/08 00:34:36 1.288
@@ -958,7 +958,7 @@
r->status = HTTP_BAD_REQUEST;
ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool,
"Size of a request header field exceeds server limit.<P>\n"
- "<PRE>\n", field, "</PRE>\n", NULL));
+ "<PRE>\n", ap_escape_html(r->pool, field), "</PRE>\n", NULL));
return;
}
copy = ap_palloc(r->pool, len + 1);
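Review bot: The escape is still enforced only by remembering it at each call site: this hunk and the one at -968 both hand-build the same `"<PRE>\n", ap_escape_html(r->pool, X), "</PRE>\n"` sequence, and the log's "a few more cases" suggests earlier notes were missed the same way. A small static helper in http_protocol.c that takes the fixed message text and the client-supplied string, and applies ap_escape_html itself, would make the next such note safe by construction. At minimum, add a comment above each call recording the reason, e.g. `/* error-notes carries HTML markup; field is raw client input, so escape it */`. The enclosing function begins and ends outside both hunks, so other uses of `field` or `copy` in it cannot be checked from here.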
@@ -968,7 +968,7 @@
r->status = HTTP_BAD_REQUEST; /* or abort the bad request */
ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool,
"Request header field is missing colon separator.<P>\n"
- "<PRE>\n", copy, "</PRE>\n", NULL));
+ "<PRE>\n", ap_escape_html(r->pool, copy), "</PRE>\n", NULL));
return;
}
1.85 +3 -2 apache-1.3/src/modules/proxy/proxy_util.c
Index: proxy_util.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- proxy_util.c 2000/02/02 20:43:57 1.84
+++ proxy_util.c 2000/02/08 00:34:40 1.85
@@ -845,13 +845,14 @@
ap_pstrcat(r->pool,
"The proxy server could not handle the request "
"<EM><A HREF=\"", ap_escape_uri(r->pool, r->uri),
- "\">", r->method, " ",
+ "\">", ap_escape_html(r->pool, r->method),
+ " ",
ap_escape_html(r->pool, r->uri), "</A></EM>.<P>\n"
"Reason: <STRONG>",
ap_escape_html(r->pool, message),
"</STRONG>", NULL));
- /* Allow the "error-notes" string to be printed by ap_send_error_response() */
+ /* Allow "error-notes" string to be printed by ap_send_error_response() */
ap_table_setn(r->notes, "verbose-error-to", ap_pstrdup(r->pool, "*"));
r->status_line = ap_psprintf(r->pool, "%3.3u Proxy Error", statuscode);
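Review bot: The `HREF=\"...\"` value is now the only request-derived piece of this note that is not passed through ap_escape_html; it relies on ap_escape_uri alone. Whether ap_escape_uri can leave a `"` or `&` in its output is not visible in this hunk, so either confirm that against its definition or make the attribute safe regardless with `ap_escape_html(r->pool, ap_escape_uri(r->pool, r->uri))`. The call that receives this ap_pstrcat result starts above the hunk, so the target note name is inferred from the comment that follows.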