Posted to cvs@httpd.apache.org by rp...@apache.org on 2007/12/24 12:45:30 UTC
svn commit: r606693 - in /httpd/httpd/trunk: CHANGES
modules/dav/main/mod_dav.c modules/generators/mod_info.c
modules/ldap/util_ldap.c modules/proxy/mod_proxy_balancer.c
modules/proxy/mod_proxy_ftp.c
Author: rpluem
Date: Mon Dec 24 03:45:22 2007
New Revision: 606693
URL: http://svn.apache.org/viewvc?rev=606693&view=rev
Log:
* Set character set for HTML outputs generated by mod_ldap,
mod_proxy_balancer, mod_proxy_ftp, mod_info, mod_dav without a character
set to ISO-8859-1.
Submitted by: jorton
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/dav/main/mod_dav.c
httpd/httpd/trunk/modules/generators/mod_info.c
httpd/httpd/trunk/modules/ldap/util_ldap.c
httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=606693&r1=606692&r2=606693&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Dec 24 03:45:22 2007
@@ -2,6 +2,22 @@
Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ]
+ *) mod_ldap: Set character set for status page to ISO-8859-1 to avoid
+ UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+
+ *) mod_proxy_balancer: Set character set for balancer manager to ISO-8859-1
+ to avoid UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+
+ *) mod_proxy_ftp: Set character set for generated FTP directory listing to
+ ISO-8859-1 to avoid UTF-7 XSS vulnerabilities of certain browsers.
+ [Joe Orton]
+
+ *) mod_info: Set character set for info page to ISO-8859-1 to avoid
+ UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+
+ *) mod_dav: Set character set for error pages to ISO-8859-1 to avoid
+ UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+
*) mod_ssl: Added server name indication support (RFC 4366).
PR 34607. [Kaspar Brand <asfbugz velox.ch>]
Modified: httpd/httpd/trunk/modules/dav/main/mod_dav.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?rev=606693&r1=606692&r2=606693&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/mod_dav.c (original)
+++ httpd/httpd/trunk/modules/dav/main/mod_dav.c Mon Dec 24 03:45:22 2007
@@ -314,7 +314,7 @@
{
r->status = status;
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
/* begin the response now... */
ap_rvputs(r,
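Review bot: The new `"text/html; charset=ISO-8859-1"` argument has no comment saying why the charset is pinned, and the same bare literal is repeated in the mod_info.c, util_ldap.c, mod_proxy_balancer.c and mod_proxy_ftp.c hunks. The reason is given only in CHANGES, so a later cleanup could drop the parameter as redundant. I would add `/* explicit charset: keeps browsers from auto-detecting UTF-7 in the body (XSS) */` above each call, or define the string once as a shared macro that carries the comment. The header only fixes how the body is decoded, so any request-derived text in the `ap_rvputs` output that follows still needs HTML escaping. That output and the rest of the enclosing function lie outside this hunk.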
Modified: httpd/httpd/trunk/modules/generators/mod_info.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?rev=606693&r1=606692&r2=606693&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/generators/mod_info.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_info.c Mon Dec 24 03:45:22 2007
@@ -608,7 +608,7 @@
if (r->method_number != M_GET)
return DECLINED;
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
ap_rputs(DOCTYPE_XHTML_1_0T
"<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"
Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=606693&r1=606692&r2=606693&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Mon Dec 24 03:45:22 2007
@@ -106,7 +106,7 @@
return DECLINED;
}
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
if (r->header_only)
return OK;
Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?rev=606693&r1=606692&r2=606693&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c Mon Dec 24 03:45:22 2007
@@ -753,7 +753,7 @@
ap_rputs("</httpd:manager>", r);
}
else {
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
ap_rputs(DOCTYPE_HTML_3_2
"<html><head><title>Balancer Manager</title></head>\n", r);
ap_rputs("<body><h1>Load Balancer Manager for ", r);
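Review bot: Only the HTML branch of the balancer manager gets an explicit charset here. The branch above it, which ends by writing `</httpd:manager>`, sets its content type outside the visible lines, so it cannot be confirmed from this hunk that it declares an encoding. It is worth checking that the XML output names one too, so that both renderings of the same data are decoded predictably. The text written after `"Load Balancer Manager for "` is also outside the hunk, and the charset label does not replace escaping it.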
Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?rev=606693&r1=606692&r2=606693&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c Mon Dec 24 03:45:22 2007
@@ -1691,7 +1691,7 @@
/* set content-type */
if (dirlisting) {
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
}
else {
if (r->content_type) {
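Review bot: The `dirlisting` page is presumably built from entry names supplied by the remote FTP server, and nothing in this hunk establishes that those bytes are ISO-8859-1. The new label stops encoding sniffing, but names sent in another encoding (UTF-8, for instance) will be shown as Latin-1 text. That trade-off deserves a comment at the call, e.g. `/* charset pinned to defeat UTF-7 sniffing; entry names are remote-supplied bytes and must still be HTML-escaped */`. The `else` branch, which reuses `r->content_type`, is unchanged, and the listing generator itself is outside the hunk, so the escaping there should be confirmed separately.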