Posted to cvs@httpd.apache.org by rp...@apache.org on 2007/12/28 16:57:43 UTC

svn commit: r607275 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_balancer.c

Author: rpluem
Date: Fri Dec 28 07:57:36 2007
New Revision: 607275

URL: http://svn.apache.org/viewvc?rev=607275&view=rev
Log:
* Correctly escape the worker route and the worker redirect string in the HTML
  output of the balancer manager.

Reported by SecurityReason.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=607275&r1=607274&r2=607275&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Dec 28 07:57:36 2007
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_proxy_balancer: Correctly escape the worker route and the worker
+     redirect string in the HTML output of the balancer manager.
+     Reported by SecurityReason. [Ruediger Pluem]
+
   *) Prevent crash in balancer manager if invalid balancer name is passed
      as parameter. Reported by SecurityReason. [Ruediger Pluem]
 

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?rev=607275&r1=607274&r2=607275&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c Fri Dec 28 07:57:36 2007
@@ -803,8 +803,10 @@
                           ap_escape_uri(r->pool, worker->name),
                           "\">", NULL);
                 ap_rvputs(r, worker->name, "</a></td>", NULL);
-                ap_rvputs(r, "<td>", worker->s->route, NULL);
-                ap_rvputs(r, "</td><td>", worker->s->redirect, NULL);
+                ap_rvputs(r, "<td>", ap_escape_html(r->pool, worker->s->route),
+                          NULL);
+                ap_rvputs(r, "</td><td>",
+                          ap_escape_html(r->pool, worker->s->redirect), NULL);
                 ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor);
                 ap_rprintf(r, "<td>%d</td><td>", worker->s->lbset);
                 if (worker->s->status & PROXY_WORKER_DISABLED)
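Review bot: The context line `ap_rvputs(r, worker->name, "</a></td>", NULL);` just above the changed lines still writes worker->name into the HTML body unescaped, while the new code escapes route and redirect on the same row; the same `ap_escape_html(r->pool, worker->name)` treatment would make the row uniformly escaped. If worker->name only ever comes from the server configuration the exposure is lower than for route and redirect, which this hunk and the form hunk below (the `wr`/`rr` inputs) indicate are settable through the manager interface, but relying on that distinction in output code is fragile. A short comment such as `/* route/redirect are settable via the manager form: always HTML-escape them */` on the first changed line would record why the escaping matters here. The enclosing function begins and ends outside this hunk.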
@@ -842,10 +844,12 @@
             ap_rputs("<tr><td>LB Set:</td><td><input name=\"ls\" type=text ", r);
             ap_rprintf(r, "value=\"%d\"></td></tr>\n", wsel->s->lbset);
             ap_rputs("<tr><td>Route:</td><td><input name=\"wr\" type=text ", r);
-            ap_rvputs(r, "value=\"", wsel->s->route, NULL);
+            ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->route),
+                      NULL);
             ap_rputs("\"></td></tr>\n", r);
             ap_rputs("<tr><td>Route Redirect:</td><td><input name=\"rr\" type=text ", r);
-            ap_rvputs(r, "value=\"", wsel->s->redirect, NULL);
+            ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->redirect),
+                      NULL);
             ap_rputs("\"></td></tr>\n", r);
             ap_rputs("<tr><td>Status:</td><td>Disabled: <input name=\"dw\" value=\"Disable\" type=radio", r);
             if (wsel->s->status & PROXY_WORKER_DISABLED)
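Review bot: The escaped route and redirect values on the changed lines are emitted inside a double-quoted `value="..."` attribute, so the fix is only complete because ap_escape_html encodes `"` as `&quot;` in addition to `<`, `>` and `&`; that dependency is not visible at the call site. A comment such as `/* ap_escape_html also encodes '"', so this is safe inside the quoted value attribute */` next to the first `ap_escape_html` call would keep a later change to a different escaping helper (e.g. one that handles only the text-node characters) from silently reopening the attribute-injection path. The enclosing function begins outside this hunk.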