From: Ruediger Pluem <rpluem@apache.org>
Date: Thu, 7 Aug 2008 19:30:02 +0000 (+0000)
Subject: Merge r683373 from trunk:
X-Git-Tag: 2.2.10~111
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99acf5e2ce4ffefe291633889e9fa494a4059f55;p=thirdparty%2Fapache%2Fhttpd.git

Merge r683373 from trunk:

* Move nonce field inside the html form.

PR: 45578

Submitted by: rpluem
Reviewed by: rpluem, covener, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@683686 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 0543571a8ee..21a7ccc5a21 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@ Changes with Apache 2.2.10
      mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
      the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
 
+  *) mod_proxy_balancer: Move nonce field in the balancer manager page inside
+     the html form where it belongs. PR 45578. [Ruediger Pluem]
+
   *) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
      known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
      [Ruediger Pluem]
diff --git a/STATUS b/STATUS
index 0bb5c78ecdb..6c3d39210ad 100644
--- a/STATUS
+++ b/STATUS
@@ -83,15 +83,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
- * mod_proxy_balancer: Move nonce field in the balancer manager page inside the
-   html form where it belongs. PR 45578 [Ruediger Pluem]
-      Trunk version of patch:
-         http://svn.apache.org/viewvc?rev=683373&view=rev
-      Backport version for 2.2.x of patch:
-         Trunk version of patch works
-   +1: rpluem, covener, jorton
-
-     
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index bcc47cfc470..e4b2d9a47d6 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -860,9 +860,10 @@ static int balancer_handler(request_rec *r)
             ap_rvputs(r, "value=\"", ap_escape_uri(r->pool, wsel->name), "\">\n", NULL);
             ap_rvputs(r, "<input type=hidden name=\"b\" ", NULL);
             ap_rvputs(r, "value=\"", bsel->name + sizeof("balancer://") - 1,
-                      "\">\n</form>\n", NULL);
+                      "\">\n", NULL);
             ap_rvputs(r, "<input type=hidden name=\"nonce\" value=\"", 
                       balancer_nonce, "\">\n", NULL);
+            ap_rvputs(r, "</form>\n", NULL);
             ap_rputs("<hr />\n", r);
         }
         ap_rputs(ap_psignature("",r), r);