Posted to cvs@httpd.apache.org by rp...@apache.org on 2009/03/12 10:29:59 UTC

svn commit: r752812 - in /httpd/httpd/trunk: CHANGES modules/mappers/mod_negotiation.c

Author: rpluem
Date: Thu Mar 12 09:29:53 2009
New Revision: 752812

URL: http://svn.apache.org/viewvc?rev=752812&view=rev
Log:
* Escape paths of filenames in 406 responses to avoid HTML injection and
  HTTP response splitting.

PR: 46837
Submitted by: Geoff Keating <geoffk apple.com>
Reviewed by: rpluem

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/mappers/mod_negotiation.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=752812&r1=752811&r2=752812&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Mar 12 09:29:53 2009
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.3.2
 
+  *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
+     HTML injections and HTTP response splitting.  PR 46837.
+     [Geoff Keating <geoffk apple.com>]
+
   *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
      development HEAD.  PR 45521.  [Kaspar Brand, Sander Temme]
 

Modified: httpd/httpd/trunk/modules/mappers/mod_negotiation.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_negotiation.c?rev=752812&r1=752811&r2=752812&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_negotiation.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_negotiation.c Thu Mar 12 09:29:53 2009
@@ -2530,7 +2530,7 @@
         /* Generate the string components for this Alternates entry */
 
         *((const char **) apr_array_push(arr)) = "{\"";
-        *((const char **) apr_array_push(arr)) = variant->file_name;
+        *((const char **) apr_array_push(arr)) = ap_escape_path_segment(r->pool, variant->file_name);
         *((const char **) apr_array_push(arr)) = "\" ";
 
         qstr = (char *) apr_palloc(r->pool, 6);
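Review bot: ap_escape_path_segment on the new line at 2533 also percent-encodes `/` as `%2F`, so if variant->file_name can ever carry a relative subpath (a type-map URI entry such as `sub/page.html`, which I believe the module elsewhere appends to the directory URI verbatim), the Alternates entry stops naming the same resource the negotiation would redirect to; please confirm whether that case is reachable. If it is, `ap_os_escape_path(r->pool, variant->file_name, 0)` keeps slashes while still encoding `"`, `<`, `>`, CR and LF, which is what closes the quoted-string breakout and response-splitting issue here. Either way a short comment above the push, `/* file_name is filesystem/type-map derived: escape it before it lands in a quoted header value */`, would record why the escape must not be dropped in a later cleanup. The enclosing function (presumably set_neg_headers, given the "add Alternates" call site in the next hunk) starts and ends outside this hunk.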
@@ -2804,7 +2804,7 @@
     }
 
     apr_table_setn(r->err_headers_out, "Content-Location",
-                  apr_pstrdup(r->pool, variant->file_name));
+                  ap_escape_path_segment(r->pool, variant->file_name));
 
     set_neg_headers(r, neg, alg_choice);         /* add Alternates and Vary */