You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ni...@apache.org on 2017/09/18 21:20:51 UTC
svn commit: r1808780 - in /httpd/httpd/trunk: CHANGES
modules/mappers/mod_speling.c
Author: niq
Date: Mon Sep 18 21:20:51 2017
New Revision: 1808780
URL: http://svn.apache.org/viewvc?rev=1808780&view=rev
Log:
mod_speling/PR 38923: don't embed Referer in link in error page.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/mappers/mod_speling.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1808780&r1=1808779&r2=1808780&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Sep 18 21:20:51 2017
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_speling: Don't embed referer data in a link in error page.
+ PR 38923 [Nick Kew]
+
*) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is
used in a condition that evaluates to true. PR 58231 [Luca Toscano]
Modified: httpd/httpd/trunk/modules/mappers/mod_speling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_speling.c?rev=1808780&r1=1808779&r2=1808780&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_speling.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_speling.c Mon Sep 18 21:20:51 2017
@@ -482,10 +482,10 @@ static int check_speling(request_rec *r)
if (ref != NULL) {
*(const char **)apr_array_push(t) =
"Please consider informing the owner of the "
- "<a href=\"";
- *(const char **)apr_array_push(t) = ap_escape_uri(sub_pool, ref);
- *(const char **)apr_array_push(t) = "\">referring page</a> "
- "about the broken link.\n";
+ "referring page <tt>";
+ *(const char **)apr_array_push(t) = ap_escape_html(sub_pool, ref);
+ *(const char **)apr_array_push(t) =
+ "</tt> about the broken link.\n";
}