CVE-2012-3499

author Stefan Fritsch <sf@apache.org>

Sat, 8 Dec 2012 20:32:00 +0000 (20:32 +0000)

committer Stefan Fritsch <sf@apache.org>

Sat, 8 Dec 2012 20:32:00 +0000 (20:32 +0000)
author Stefan Fritsch <sf@apache.org>
Sat, 8 Dec 2012 20:32:00 +0000 (20:32 +0000)
committer Stefan Fritsch <sf@apache.org>
Sat, 8 Dec 2012 20:32:00 +0000 (20:32 +0000)
diff --git a/modules/ldap/util_ldap_cache_mgr.c b/modules/ldap/util_ldap_cache_mgr.c

index 826757704fafd186b21067e1446f0f8c0c1aa644..ae7e652aeca795e0c81c326f660706140a3ebd07 100644 (file)
--- a/modules/ldap/util_ldap_cache_mgr.c
+++ b/modules/ldap/util_ldap_cache_mgr.c
@@ -604,7 +604,7 @@ char *util_ald_cache_display_stats(request_rec *r, util_ald_cache_t *cache, char
      if (id) {
          buf2 = apr_psprintf(p,
                   "<a href=\"%s?%s\">%s</a>",
-             r->uri,
+             ap_escape_html(r->pool, ap_escape_uri(r->pool, r->uri)),
               id,
               name);
      }
diff --git a/modules/test/mod_policy.c b/modules/test/mod_policy.c

index 473b31c6241e74358b4ad5e7a2fc04939dc04394..8138f83165ea2050868579d1f9ac412e840bb4fc 100644 (file)
--- a/modules/test/mod_policy.c
+++ b/modules/test/mod_policy.c
@@ -1011,7 +1011,8 @@ static const char *set_type_url(cmd_parms *cmd, void *dconf, const char *url)
  {
      policy_conf *conf = dconf;
  
-    conf->type_url = url;
+    /* url is only used inside <a href="...">, escape accordingly */
+    conf->type_url = ap_escape_html(cmd->pool, url);
      conf->type_url_set = 1;
  
      return NULL;
author	Stefan Fritsch <sf@apache.org>
	Sat, 8 Dec 2012 20:32:00 +0000 (20:32 +0000)
committer	Stefan Fritsch <sf@apache.org>
	Sat, 8 Dec 2012 20:32:00 +0000 (20:32 +0000)
modules/ldap/util_ldap_cache_mgr.c		patch \| blob \| blame \| history
modules/test/mod_policy.c		patch \| blob \| blame \| history