From: William A. Rowe Jr Date: Thu, 21 Mar 2002 16:02:03 +0000 (+0000) Subject: Add % and \r [C/R] to the dangerous Win32/OS2 characters. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2778071a83bc77df31e1357eb0a48eeb38230ff;p=thirdparty%2Fapache%2Fhttpd.git Add % and \r [C/R] to the dangerous Win32/OS2 characters. Retain the Unix sh escapes list for compatibility. [William Rowe] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94090 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/src/main/gen_test_char.c b/src/main/gen_test_char.c
index dc33a73d86b..fae84664442 100644
--- a/src/main/gen_test_char.c
+++ b/src/main/gen_test_char.c
@@ -37,9 +37,23 @@ int main(int argc, char *argv[])
 printf("\n ");
 /* escape_shell_cmd */
- if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
+#if defined(WIN32) || defined(OS2)
+ /* Win32/OS2 have many of the same vulnerable characters
+ * as Unix sh, plus the carriage return and percent char.
+ * The proper escaping of these characters varies from unix
+ * since Win32/OS2 use carets or doubled-double quotes,
+ * and neither lf nor cr can be escaped. We escape unix
+ * specific as well, to assure that cross-compiled unix
+ * applications behave similiarly when invoked on win32/os2.
+ */
+ if (strchr("&;`'\"|*?~<>^()[]{}$\\\n\r%", c)) {
 flags |= T_ESCAPE_SHELL_CMD;
 }
+#else
+ if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
+ flags |= T_ESCAPE_SHELL_CMD;
+ }
+#endif
 if (!ap_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c)) {
 flags |= T_ESCAPE_PATH_SEGMENT;
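Review bot: Setting T_ESCAPE_SHELL_CMD for `\r` and `%` in the WIN32/OS2 branch only marks those bytes in the generated table; the added comment itself says carets or doubled quotes are the Win32/OS2 escapes and that lf and cr cannot be escaped at all, so whether this protects anything depends on the code that reads the flag, which is not in this diff. If that code prefixes a backslash as it would for Unix sh, `%` and carriage return would presumably still be interpreted by the Windows command processor, so I would confirm it replaces or rejects them and record that here, e.g. `/* consumers must replace or reject \r and % on Win32/OS2; a backslash prefix does not neutralise them */`. The two branches also repeat the whole `if` block; keeping a single `if` and selecting only the character list under `#if` would stop the Unix and Win32/OS2 lists drifting apart. main() begins and ends outside the hunk.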