* Move nonce field inside the html form.
PR: 45578
Submitted by: rpluem
Reviewed by: rpluem, covener, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@683686 13f79535-47bb-0310-9956-ffa450edef68
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+ *) mod_proxy_balancer: Move nonce field in the balancer manager page inside
+ the html form where it belongs. PR 45578. [Ruediger Pluem]
+
*) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
[Ruediger Pluem]
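Review bot: The new mod_proxy_balancer entry says where the nonce field moves but not what was wrong before. A hidden input emitted after the closing form tag is not sent when that form is submitted, so one clause saying the nonce was missing from balancer manager form submissions would tell administrators reading CHANGES why the fix matters.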
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_proxy_balancer: Move nonce field in the balancer manager page inside the
- html form where it belongs. PR 45578 [Ruediger Pluem]
- Trunk version of patch:
- http://svn.apache.org/viewvc?rev=683373&view=rev
- Backport version for 2.2.x of patch:
- Trunk version of patch works
- +1: rpluem, covener, jorton
-
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
ap_rvputs(r, "value=\"", ap_escape_uri(r->pool, wsel->name), "\">\n", NULL);
ap_rvputs(r, "<input type=hidden name=\"b\" ", NULL);
ap_rvputs(r, "value=\"", bsel->name + sizeof("balancer://") - 1,
- "\">\n</form>\n", NULL);
+ "\">\n", NULL);
ap_rvputs(r, "<input type=hidden name=\"nonce\" value=\"",
balancer_nonce, "\">\n", NULL);
+ ap_rvputs(r, "</form>\n", NULL);
ap_rputs("<hr />\n", r);
}
ap_rputs(ap_psignature("",r), r);
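Review bot: In the line `ap_rvputs(r, "value=\"", bsel->name + sizeof("balancer://") - 1,` the balancer name is written into a quoted HTML attribute with no escaping, while the worker name on the line above goes through ap_escape_uri. Since this hunk already touches the form output, pass the name through ap_escape_html(r->pool, ...) so that a name containing a double quote or angle bracket cannot close the attribute. The hidden inputs also use an unquoted `type=hidden`; quoting it would match the other attributes.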