You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ni...@apache.org on 2017/09/18 21:20:51 UTC

svn commit: r1808780 - in /httpd/httpd/trunk: CHANGES modules/mappers/mod_speling.c

Author: niq
Date: Mon Sep 18 21:20:51 2017
New Revision: 1808780

URL: http://svn.apache.org/viewvc?rev=1808780&view=rev
Log:
mod_speling/PR 38923: don't embed Referer in link in error page.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/mappers/mod_speling.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1808780&r1=1808779&r2=1808780&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Sep 18 21:20:51 2017
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_speling: Don't embed referer data in a link in error page.
+     PR 38923 [Nick Kew]
+
   *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is
      used in a condition that evaluates to true. PR 58231 [Luca Toscano]
 

Modified: httpd/httpd/trunk/modules/mappers/mod_speling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_speling.c?rev=1808780&r1=1808779&r2=1808780&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_speling.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_speling.c Mon Sep 18 21:20:51 2017
@@ -482,10 +482,10 @@ static int check_speling(request_rec *r)
             if (ref != NULL) {
                 *(const char **)apr_array_push(t) =
                                "Please consider informing the owner of the "
-                               "<a href=\"";
-                *(const char **)apr_array_push(t) = ap_escape_uri(sub_pool, ref);
-                *(const char **)apr_array_push(t) = "\">referring page</a> "
-                               "about the broken link.\n";
+                               "referring page <tt>";
+                *(const char **)apr_array_push(t) = ap_escape_html(sub_pool, ref);
+                *(const char **)apr_array_push(t) =
+                               "</tt> about the broken link.\n";
             }