PR: 54611
Backports: r1476621
Submitted by: Timothy Wood <tjw omnigroup com>
Reviewed by: minfrin, trawick, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497121 13f79535-47bb-0310-9956-ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.2.25
+<<<<<<< .working
*) SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
+ *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
+ [Timothy Wood <tjw omnigroup.com>]
+
Changes with Apache 2.2.24
*) SECURITY: CVE-2012-3499 (cve.mitre.org)
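Review bot: The added `<<<<<<< .working` line at the top of the 2.2.25 section is a merge conflict marker and should not be committed to CHANGES. Drop it, and check the rest of the file for any `=======` or `>>>>>>>` markers before the release notes are generated from it. The new mod_dav entry could also say which returned value is being encoded, since "on return" alone does not tell a reader of CHANGES what changed.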
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
- [Timothy Wood <tjw omnigroup com>]
- trunk patch: http://svn.apache.org/r1476621
- 2.2.x patch: trunk patch works (minus CHANGES)
- +1: minfrin, trawick, wrowe
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
const char *body;
if (locn == NULL) {
- locn = r->uri;
+ locn = r->unparsed_uri;
+ } else {
+ locn = ap_escape_uri(r->pool, locn);
}
/* did the target resource already exist? */
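Review bot: In the `locn == NULL` branch, `r->unparsed_uri` is the request target exactly as the client sent it, so it carries any query string and whatever encoding (or lack of it) the client chose, while the `else` branch passes the value through `ap_escape_uri()`. The two branches therefore give different guarantees about what ends up in `locn`. If the intent is an encoded path in both cases, `locn = ap_escape_uri(r->pool, r->uri);` would treat them the same way and keep client-controlled bytes out of the result; if the raw client form is wanted, add a comment here saying why and confirm that a query string in the value is acceptable to callers.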