From: Jeff Trawick <trawick@apache.org>
Date: Thu, 4 Dec 2003 06:46:27 +0000 (+0000)
Subject: merge this from 2.1-dev:
X-Git-Tag: 2.0.49~314
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2729c0a2f07057f776e6c1f3b4436a7828c00d6e;p=thirdparty%2Fapache%2Fhttpd.git

merge this from 2.1-dev:

    mod_info: Escape html code in directives and arguments. PR: 24232

PR:              24232
Submitted by:	 thommay
Reviewed by:	 nd, trawick, striker


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@101981 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 5a0eef55abc..5ac626b37a4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.49
 
+  *) mod_info: HTML escape configuration information so it displays 
+     correctly. PR 24232. [Thom May]
+     
   *) Restore the ability to add a description for directories that
      don't contain an index file.  (Broken in 2.0.48) [André Malo]
 
diff --git a/STATUS b/STATUS
index 34d93d451dc..f4e6d34be11 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2003/12/04 06:40:13 $]
+Last modified at [$Date: 2003/12/04 06:46:26 $]
 
 Release:
 
@@ -317,10 +317,6 @@ PATCHES TO BACKPORT FROM 2.1
        (nd: +1 on concept, lacking knowledge prevents me from definitely +1'ing
             it.)
 
-    * mod_info: Escape html code in directives and arguments. PR: 24232
-        modules/generators/mod_info.c: r1.52
-      +1: thommay, nd, trawick, striker
-
     * Let mod_autoindex show filenames containing special characters.
       PR 13598.
         server/request.c: r1.130
diff --git a/modules/generators/mod_info.c b/modules/generators/mod_info.c
index 9dffaf5b087..888cb1383f3 100644
--- a/modules/generators/mod_info.c
+++ b/modules/generators/mod_info.c
@@ -181,7 +181,7 @@ static void mod_info_module_cmds(request_rec * r, const command_rec * cmds,
 		if (nest > block_start) {
 		    block_start++;
 		    apr_snprintf(htmlstring, sizeof(htmlstring), "%s %s",
-				tmptree->parent->directive,
+                                tmptree->parent->directive,
 				tmptree->parent->args);
                     ap_rputs("<dd><tt>", r);
                     mod_info_html_cmd_string(r, htmlstring, 0);
@@ -190,15 +190,18 @@ static void mod_info_module_cmds(request_rec * r, const command_rec * cmds,
 		if (nest == 2) {
 		    ap_rprintf(r, "<dd><tt>&nbsp;&nbsp;&nbsp;&nbsp;%s "
 			       "<i>%s</i></tt></dd>\n",
-			       tmptree->directive, tmptree->args);
+                               ap_escape_html(r->pool,tmptree->directive), 
+                               ap_escape_html(r->pool,tmptree->args));
 		} else if (nest == 1) {
 		    ap_rprintf(r,
 			       "<dd><tt>&nbsp;&nbsp;%s <i>%s</i></tt></dd>\n",
-			       tmptree->directive, tmptree->args);
+                               ap_escape_html(r->pool,tmptree->directive), 
+                               ap_escape_html(r->pool,tmptree->args));
 		} else {
                     ap_rputs("<dd><tt>", r);
                     mod_info_html_cmd_string(r, tmptree->directive, 0);
-                    ap_rprintf(r, " <i>%s</i></tt></dd>\n", tmptree->args);
+                    ap_rprintf(r, " <i>%s</i></tt></dd>\n", 
+                               ap_escape_html(r->pool,tmptree->args));
 		}
 	    }
 	    ++cmd;