You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl-cvs@perl.apache.org by to...@apache.org on 2009/04/01 17:39:57 UTC

svn commit: r760926 - in /perl/modperl/trunk: Changes lib/Apache2/Status.pm

Author: torsten
Date: Wed Apr  1 15:39:56 2009
New Revision: 760926

URL: http://svn.apache.org/viewvc?rev=760926&view=rev
Log:
Fix an XSS bug in Apache2::Status.

Modified:
    perl/modperl/trunk/Changes
    perl/modperl/trunk/lib/Apache2/Status.pm

Modified: perl/modperl/trunk/Changes
URL: http://svn.apache.org/viewvc/perl/modperl/trunk/Changes?rev=760926&r1=760925&r2=760926&view=diff
==============================================================================
--- perl/modperl/trunk/Changes (original)
+++ perl/modperl/trunk/Changes Wed Apr  1 15:39:56 2009
@@ -12,6 +12,9 @@
 
 =item 2.0.5-dev
 
+Fix an XSS issue in Apache2::Status reported by Richard J. Brain
+<ri...@procheckup.com>. [Torsten Foertsch]
+
 Add NOTICE file to the distribution. [Joe Schaefer]
 
 Make sure Apache2::RequestIO::read doesn't clear the buffer on end of

Modified: perl/modperl/trunk/lib/Apache2/Status.pm
URL: http://svn.apache.org/viewvc/perl/modperl/trunk/lib/Apache2/Status.pm?rev=760926&r1=760925&r2=760926&view=diff
==============================================================================
--- perl/modperl/trunk/lib/Apache2/Status.pm (original)
+++ perl/modperl/trunk/lib/Apache2/Status.pm Wed Apr  1 15:39:56 2009
@@ -29,7 +29,7 @@
 
 use Apache2::Const -compile => qw(OK);
 
-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
+$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
 
 use constant IS_WIN32 => ($^O eq "MSWin32");
 
@@ -126,7 +126,7 @@
         $r->print(symdump($r, $qs));
     }
     else {
-        my $uri = $r->uri;
+        my $uri = $r->location;
         $r->print('<p>');
         $r->print(
             map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
@@ -198,7 +198,7 @@
 sub status_inc {
     my ($r) = @_;
 
-    my $uri = $r->uri;
+    my $uri = $r->location;
     my @retval = (
         '<table border="1">',
         "<tr>",
@@ -289,7 +289,7 @@
     my ($r) = @_;
 
     local $_;
-    my $uri = $r->uri;
+    my $uri = $r->location;
     my $cache = __PACKAGE__->registry_cache;
 
     my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
@@ -765,7 +765,7 @@
     my ($self, $package, $r) = @_;
 
     my @m = qw(<table>);
-    my $uri = $r->uri;
+    my $uri = $r->location;
     my $is_main = $package eq "main";
 
     my $do_dump = has($r, "dumper");