You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2009/05/10 17:11:47 UTC

svn commit: r773354 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/mappers/mod_negotiation.c

Author: rpluem
Date: Sun May 10 15:11:46 2009
New Revision: 773354

URL: http://svn.apache.org/viewvc?rev=773354&view=rev
Log:
Merge r752812 from trunk:

* Escape pathes of filenames in 406 responses to avoid HTML injections and
  HTTP response splitting.

PR: 46837
Submitted by: Geoff Keating <geoffk apple.com>
Reviewed by: rpluem, jim, wrowe

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/mappers/mod_negotiation.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=773354&r1=773353&r2=773354&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sun May 10 15:11:46 2009
@@ -5,6 +5,10 @@
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
+     HTML injections and HTTP response splitting.  PR 46837.
+     [Geoff Keating <geoffk apple.com>]
+
   *) mod_include: Prevent a case of SSI timefmt-smashing with filter chains
      including multiple INCLUDES filters. PR 39369 [Joe Orton]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=773354&r1=773353&r2=773354&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sun May 10 15:11:46 2009
@@ -87,15 +87,6 @@
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
- * mod_negotiation: Escape pathes of filenames in 406 responses to avoid
-   HTML injections and HTTP response splitting
-   Trunk version of patch:
-      http://svn.apache.org/viewvc?rev=752812&view=rev
-   Backport version for 2.2.x of patch:
-      Trunk version of patch works
-   +1: rpluem, jim, wrowe
-
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.2.x/modules/mappers/mod_negotiation.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/mappers/mod_negotiation.c?rev=773354&r1=773353&r2=773354&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/mappers/mod_negotiation.c (original)
+++ httpd/httpd/branches/2.2.x/modules/mappers/mod_negotiation.c Sun May 10 15:11:46 2009
@@ -2530,7 +2530,7 @@
         /* Generate the string components for this Alternates entry */
 
         *((const char **) apr_array_push(arr)) = "{\"";
-        *((const char **) apr_array_push(arr)) = variant->file_name;
+        *((const char **) apr_array_push(arr)) = ap_escape_path_segment(r->pool, variant->file_name);
         *((const char **) apr_array_push(arr)) = "\" ";
 
         qstr = (char *) apr_palloc(r->pool, 6);
@@ -2804,7 +2804,7 @@
     }
 
     apr_table_setn(r->err_headers_out, "Content-Location",
-                  apr_pstrdup(r->pool, variant->file_name));
+                  ap_escape_path_segment(r->pool, variant->file_name));
 
     set_neg_headers(r, neg, alg_choice);         /* add Alternates and Vary */