Merge r752812 from trunk:
authorRuediger Pluem <rpluem@apache.org>
Sun, 10 May 2009 15:11:46 +0000 (15:11 +0000)
committerRuediger Pluem <rpluem@apache.org>
Sun, 10 May 2009 15:11:46 +0000 (15:11 +0000)
* Escape paths of filenames in 406 responses to avoid HTML injections and
  HTTP response splitting.

PR: 46837
Submitted by: Geoff Keating <geoffk apple.com>
Reviewed by: rpluem, jim, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773354 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/mappers/mod_negotiation.c

diff --git a/CHANGES b/CHANGES
index b2bbb37ea9c7192adb2c207012228710a82bf981..66edc645d4e5c5c09c60dd885c3b7a273a7b05f2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@ Changes with Apache 2.2.12
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
+     HTML injections and HTTP response splitting.  PR 46837.
+     [Geoff Keating <geoffk apple.com>]
+
   *) mod_include: Prevent a case of SSI timefmt-smashing with filter chains
      including multiple INCLUDES filters. PR 39369 [Joe Orton]
 
diff --git a/STATUS b/STATUS
index 5a0a19afe5f7471a49c93c1b06276c17c0228f2b..26c76dc5ab8cf0e6a964e00c6c08def9d1d15159 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -87,15 +87,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
- * mod_negotiation: Escape pathes of filenames in 406 responses to avoid
-   HTML injections and HTTP response splitting
-   Trunk version of patch:
-      http://svn.apache.org/viewvc?rev=752812&view=rev
-   Backport version for 2.2.x of patch:
-      Trunk version of patch works
-   +1: rpluem, jim, wrowe
-
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
index c9fff1e5e5443c7de6bbfff6ea7bed6a226baffb..a9c6bc9e31f742d4482ee826623127c3cbb36482 100644 (file)
@@ -2530,7 +2530,7 @@ static void set_neg_headers(request_rec *r, negotiation_state *neg,
         /* Generate the string components for this Alternates entry */
 
         *((const char **) apr_array_push(arr)) = "{\"";
-        *((const char **) apr_array_push(arr)) = variant->file_name;
+        *((const char **) apr_array_push(arr)) = ap_escape_path_segment(r->pool, variant->file_name);
         *((const char **) apr_array_push(arr)) = "\" ";
 
         qstr = (char *) apr_palloc(r->pool, 6);
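Review bot: ap_escape_path_segment() percent-encodes '/' as well as the quote, CR and LF characters this fix is after, so if variant->file_name can hold a relative path taken from a type-map `URI:` line (e.g. `sub/page.html`) the Alternates entry built on the added line becomes `{"sub%2Fpage.html" ...}`, which clients will resolve to a different resource than the unescaped name — worth confirming what file_name can contain at this point. If directory components are possible, `ap_os_escape_path(r->pool, variant->file_name, 0)` keeps the separator while still neutralising `"`, `<`, `>`, CR and LF, which is all the injection fix needs for a quoted-string header value. Presumably the HTML body listing the variants on the 406 page is built elsewhere in this file from the same file_name; it needs ap_escape_html() for the link text and the same path escaping for the href, and this hunk does not show whether that is covered. set_neg_headers() starts before and continues after this hunk.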
@@ -2804,7 +2804,7 @@ static int setup_choice_response(request_rec *r, negotiation_state *neg,
     }
 
     apr_table_setn(r->err_headers_out, "Content-Location",
-                  apr_pstrdup(r->pool, variant->file_name));
+                  ap_escape_path_segment(r->pool, variant->file_name));
 
     set_neg_headers(r, neg, alg_choice);         /* add Alternates and Vary */