From: Ruediger Pluem Date: Mon, 24 Dec 2007 11:45:22 +0000 (+0000) Subject: * Set character set for HTML outputs generated by mod_ldap, X-Git-Tag: 2.3.0~1103 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b514669c7a6fac30d166fa392d7ab803fae2bca8;p=thirdparty%2Fapache%2Fhttpd.git * Set character set for HTML outputs generated by mod_ldap, mod_proxy_balancer, mod_proxy_ftp, mod_info, mod_dav without a character set to ISO-8859-1. Submitted by: jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@606693 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 169ae96e3bc..d5132c2627c 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,22 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) mod_ldap: Set character set for status page to ISO-8859-1 to avoid + UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + + *) mod_proxy_balancer: Set character set for balancer manager to ISO-8859-1 + to avoid UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + + *) mod_proxy_ftp: Set character set for generated FTP directory listing to + ISO-8859-1 to avoid UTF-7 XSS vulnerabilities of certain browsers. + [Joe Orton] + + *) mod_info: Set character set for info page to ISO-8859-1 to avoid + UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + + *) mod_dav: Set character set for error pages to ISO-8859-1 to avoid + UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + *) mod_ssl: Added server name indication support (RFC 4366). PR 34607. [Kaspar Brand ] diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index 8a563571524..a40959b9e7b 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c 
@@ -314,7 +314,7 @@ static int dav_error_response(request_rec *r, int status, const char *body) { r->status = status; - ap_set_content_type(r, "text/html"); + ap_set_content_type(r, "text/html; charset=ISO-8859-1"); /* begin the response now... */ ap_rvputs(r, diff --git a/modules/generators/mod_info.c b/modules/generators/mod_info.c index 37461fdd220..18f415b3b5b 100644 --- a/modules/generators/mod_info.c +++ b/modules/generators/mod_info.c @@ -608,7 +608,7 @@ static int display_info(request_rec * r) if (r->method_number != M_GET) return DECLINED; - ap_set_content_type(r, "text/html"); + ap_set_content_type(r, "text/html; charset=ISO-8859-1"); ap_rputs(DOCTYPE_XHTML_1_0T "\n" diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index 5eab8f37314..ca5c6ffeb6a 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -106,7 +106,7 @@ static int util_ldap_handler(request_rec *r) return DECLINED; } - ap_set_content_type(r, "text/html"); + ap_set_content_type(r, "text/html; charset=ISO-8859-1"); if (r->header_only) return OK; diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c index 70fd3316060..9932e752827 100644 --- a/modules/proxy/mod_proxy_balancer.c +++ b/modules/proxy/mod_proxy_balancer.c @@ -753,7 +753,7 @@ static int balancer_handler(request_rec *r) ap_rputs("", r); } else { - ap_set_content_type(r, "text/html"); + ap_set_content_type(r, "text/html; charset=ISO-8859-1"); ap_rputs(DOCTYPE_HTML_3_2 "Balancer Manager\n", r); ap_rputs("
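Review bot: The literal `"text/html; charset=ISO-8859-1"` is added in dav_error_response with no in-code reason, and the same bare literal is repeated in display_info, util_ldap_handler, balancer_handler and proxy_ftp_handler. Only the CHANGES entry records that the charset is there to stop UTF-7 auto-detection, so a later cleanup could drop it as cosmetic. I would add `/* explicit charset: keeps browsers from sniffing the page as UTF-7 (XSS) */` above each call, or define the string once in a shared header so the five handlers cannot drift apart. The charset only closes the encoding-sniffing path; whether `body` is HTML-escaped before ap_rvputs() cannot be seen, because the function continues outside the hunk.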

Load Balancer Manager for ", r); diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c index 6d4c63a8c41..277a0179419 100644 --- a/modules/proxy/mod_proxy_ftp.c +++ b/modules/proxy/mod_proxy_ftp.c @@ -1691,7 +1691,7 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker, /* set content-type */ if (dirlisting) { - ap_set_content_type(r, "text/html"); + ap_set_content_type(r, "text/html; charset=ISO-8859-1"); } else { if (r->content_type) {
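Review bot: In proxy_ftp_handler the `dirlisting` page is presumably built from entry names supplied by the remote FTP server, so labelling it ISO-8859-1 stops UTF-7 sniffing but will mis-render any names the server sends in another encoding such as UTF-8. That trade-off deserves a comment at the call, e.g. `/* fixed charset: listing holds untrusted server data; avoids UTF-7 auto-detection */`. The charset is only half of the defence: the entries still need HTML-escaping where the listing is generated, which is outside this hunk and should be confirmed. The `else` branch for non-listing responses is unchanged and continues past the end of the hunk.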