From: William A. Rowe Jr Date: Wed, 12 Dec 2007 19:46:43 +0000 (+0000) Subject: Revert r603712 which was prematurely committed (leave the STATUS X-Git-Tag: 2.0.62~50 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70308c1f8b2a0d4e636785bd718a44ca77247e12;p=thirdparty%2Fapache%2Fhttpd.git Revert r603712 which was prematurely committed (leave the STATUS mop-up in place) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@603714 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index e4abefce18a..f383f48231b 100644 --- a/CHANGES +++ b/CHANGES @@ -5,10 +5,6 @@ Changes with Apache 2.0.62 mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT. [Joe Orton] - *) http_protocol: Escape request method in 413 error reporting. - Determined to be not generally exploitable, but a flaw in any case. - PR 44014 [Victor Stinner ] - Changes with Apache 2.0.61 *) SECURITY: CVE-2007-3847 (cve.mitre.org) diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index d521842b7b6..d773045c224 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -2200,7 +2200,7 @@ static const char *get_canned_error_string(int status, case HTTP_LENGTH_REQUIRED: s1 = apr_pstrcat(p, "

A request of the requested method ", - ap_escape_html(r->pool, r->method), + r->method, " requires a valid Content-length.
\n", NULL); return(add_optional_notes(r, s1, "error-notes", "

\n")); @@ -2247,7 +2247,7 @@ static const char *get_canned_error_string(int status, "The requested resource
", ap_escape_html(r->pool, r->uri), "
\n", "does not allow request data with ", - ap_escape_html(r->pool, r->method), + r->method, " requests, or the amount of data provided in\n" "the request exceeds the capacity limit.\n", NULL));
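Review bot: On the new side of this hunk `r->method` is concatenated into the HTML error body unescaped, while `r->uri` two arguments earlier still goes through `ap_escape_html`; the `HTTP_LENGTH_REQUIRED` hunk above has the same unescaped `r->method`. The method token is taken from the client's request line, so any markup in it is reflected into the response, and the CHANGES entry removed by this commit itself describes that as a flaw even if not generally exploitable. If the revert is only procedural, the fix should be re-proposed with `ap_escape_html(r->pool, r->method),` in both places. Until then a comment at each site such as `/* r->method is emitted unescaped here; see PR 44014 */` would keep the open issue visible. get_canned_error_string starts and ends outside both hunks, so other status cases that print the method could not be checked from here.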