mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
- *) http_protocol: Escape request method in 413 error reporting.
- Determined to be not generally exploitable, but a flaw in any case.
- PR 44014 [Victor Stinner <victor.stinner inl.fr>]
-
Changes with Apache 2.0.61
*) SECURITY: CVE-2007-3847 (cve.mitre.org)
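Review bot: The removed entry "http_protocol: Escape request method in 413 error reporting" and its "PR 44014" credit are the only record of this fix, and the entry itself calls the unescaped method "a flaw in any case". If the escaping is being backed out, the commit message should say why and where PR 44014 is tracked instead. Otherwise keep the entry.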
case HTTP_LENGTH_REQUIRED:
s1 = apr_pstrcat(p,
"<p>A request of the requested method ",
- ap_escape_html(r->pool, r->method),
+ r->method,
" requires a valid Content-length.<br />\n",
NULL);
return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
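Review bot: In the HTTP_LENGTH_REQUIRED case, "+ r->method," writes the request method into the HTML error body unescaped. r->method comes from the client's request line, so any markup characters in it are emitted verbatim inside the <p> element. Keep "ap_escape_html(r->pool, r->method)," here. Note also that the CHANGES entry only mentions 413 reporting, while this case is a separate error body that carries the same string.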
"The requested resource<br />",
ap_escape_html(r->pool, r->uri), "<br />\n",
"does not allow request data with ",
- ap_escape_html(r->pool, r->method),
+ r->method,
" requests, or the amount of data provided in\n"
"the request exceeds the capacity limit.\n",
NULL));
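Review bot: "+ r->method," leaves the method unescaped in the same apr_pstrcat call where r->uri is still passed through ap_escape_html two lines earlier, so two client-supplied strings in one error body are handled inconsistently. Keep "ap_escape_html(r->pool, r->method)," so that every request-derived value in this message is escaped before it reaches the response.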