Backport to v2.4:
authorGraham Leggett <minfrin@apache.org>
Sat, 18 Nov 2023 15:10:02 +0000 (15:10 +0000)
committerGraham Leggett <minfrin@apache.org>
Sat, 18 Nov 2023 15:10:02 +0000 (15:10 +0000)
   *) mod_ldap: HTML-escape data in ldap-status handler
      trunk patch: http://svn.apache.org/r1913855
      2.4.x patch  svn merge -c 1913855 ^/httpd/httpd/trunk .
      +1: covener, minfrin, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1913944 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
changes-entries/md_v2.4.25.txt [deleted file]
modules/ldap/util_ldap_cache.c

diff --git a/CHANGES b/CHANGES
index 8925855e893966ae9e82e95da373d421d4d6337a..34aeaac6f3a9d0ecc926ac185fa19ca312c2b1f3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.59
 
+  *) mod_ldap: HTML-escape data in the ldap-status handler.
+     [Eric Covener, Chamal De Silva]
+
   *) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
      Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
      notably with OpenSSL >= 3.  PR 68080.  [ Yann Ylavic, Joe Orton ]
diff --git a/STATUS b/STATUS
index 9198762ec8321b02a3739f35e78fc472c2133824..10eedd00db95d9b60dcdc54f7fd8f14c917aae9c 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -153,10 +153,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   *) mod_ldap: HTML-escape data in ldap-status handler
-      trunk patch: http://svn.apache.org/r1913855
-      2.4.x patch  svn merge -c 1913855 ^/httpd/httpd/trunk .
-      +1: covener, minfrin, ylavic
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
diff --git a/changes-entries/md_v2.4.25.txt b/changes-entries/md_v2.4.25.txt
deleted file mode 100644 (file)
index d4bf95f..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
- * mod_md: Fix the reported "until" validity of a certificate in the status
-   handler. [Rainer Jung]
-   Fix possible NULL deref when logging the error that an authentication
-   resource could not be retrieved from the ACME server. [Stefan Eissing]
index 774a76e1acfd05acf990e9e1b552c63272c96796..27dc733958efeaed535cfc49d7a915cb5bb5b32d 100644 (file)
@@ -230,8 +230,8 @@ void util_ldap_search_node_display(request_rec *r, util_ald_cache_t *cache, void
                "<td nowrap>%s</td>"
                "<td nowrap>%s</td>"
                "</tr>",
-               node->username,
-               node->dn,
+               ap_escape_html(r->pool, node->username),
+               ap_escape_html(r->pool, node->dn),
                date_str);
 }
 
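Review bot: Wrapping `node->username` and `node->dn` in `ap_escape_html()` changes what happens when either field is NULL. APR's formatter prints `(null)` for a NULL `%s` argument, whereas `ap_escape_html()` reads its argument without a NULL check, as far as I recall (worth confirming against its implementation). Whether the search cache can hold a node with an unset field is not visible from this hunk; if it can, the status page would fault on that row instead of rendering a placeholder. A guard such as `node->dn ? ap_escape_html(r->pool, node->dn) : ""` would keep the old tolerance. The same applies to the calls added in the hunks at lines 331 and 391, and the body of util_ldap_search_node_display starts outside this hunk.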
@@ -331,9 +331,9 @@ void util_ldap_compare_node_display(request_rec *r, util_ald_cache_t *cache, voi
                "<td nowrap>%s</td>"
                "<td nowrap>%s</td>"
                "</tr>",
-               node->dn,
-               node->attrib,
-               node->value,
+               ap_escape_html(r->pool, node->dn),
+               ap_escape_html(r->pool, node->attrib),
+               ap_escape_html(r->pool, node->value),
                date_str,
                cmp_result,
                sub_groups_val,
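Review bot: Only `node->dn`, `node->attrib` and `node->value` are escaped here; `date_str`, `cmp_result`, `sub_groups_val` and whatever follows past the end of the hunk still reach the table cells verbatim. That is fine if each of them is built inside this function from fixed strings or a formatted timestamp, but the code that sets them is outside the hunk, so this should be confirmed. A short comment above the output call would record the reasoning for the next reader, e.g. `/* dn, attrib and value are cache-supplied strings and must be HTML-escaped; the remaining arguments are generated locally */`. The argument list and the function body both extend beyond the hunk.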
@@ -391,8 +391,8 @@ void util_ldap_dn_compare_node_display(request_rec *r, util_ald_cache_t *cache,
                "<td nowrap>%s</td>"
                "<td nowrap>%s</td>"
                "</tr>",
-               node->reqdn,
-               node->dn);
+               ap_escape_html(r->pool, node->reqdn),
+               ap_escape_html(r->pool, node->dn));
 }