From: William A. Rowe Jr Date: Wed, 26 Jun 2013 21:44:43 +0000 (+0000) Subject: mod_dav: Ensure URI is correctly uriencoded on return. X-Git-Tag: 2.2.25~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa9729adffa431f79b1144d734fa91e1fb450585;p=thirdparty%2Fapache%2Fhttpd.git mod_dav: Ensure URI is correctly uriencoded on return. PR: 54611 Backports: r1476621 Submitted by: Timothy Wood Reviewed by: minfrin, trawick, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497121 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index a4764f7a362..201a46121d5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,7 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.25 +<<<<<<< .working *) SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the @@ -21,6 +22,9 @@ Changes with Apache 2.2.25 URI that is not configured for DAV will trigger a segfault. [Ben Reser ] + *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611 + [Timothy Wood ] + Changes with Apache 2.2.24 *) SECURITY: CVE-2012-3499 (cve.mitre.org) diff --git a/STATUS b/STATUS index e2dd57c1e8a..4dba03aa4c3 100644 --- a/STATUS +++ b/STATUS @@ -114,12 +114,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_dav: Ensure URI is correctly uriencoded on return. PR 54611 - [Timothy Wood ] - trunk patch: http://svn.apache.org/r1476621 - 2.2.x patch: trunk patch works (minus CHANGES) - +1: minfrin, trawick, wrowe - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index cae1bfd173a..0e4bfc1894f 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c 
@@ -623,7 +623,9 @@ static int dav_created(request_rec *r, const char *locn, const char *what, const char *body; if (locn == NULL) { - locn = r->uri; + locn = r->unparsed_uri; + } else { + locn = ap_escape_uri(r->pool, locn); } /* did the target resource already exist? */
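Review bot: the first CHANGES hunk (@@ -1,6 +1,7 @@) commits a merge-conflict marker, `+<<<<<<< .working`, directly under "Changes with Apache 2.2.25". That line is residue from a conflicted working copy, not changelog text, and should be removed before this lands. The rest of CHANGES should also be checked for matching `=======` and `>>>>>>>` markers, which this diff does not show.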
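Review bot: the `locn == NULL` branch of dav_created (mod_dav.c, @@ -623,7 +623,9 @@) uses `r->unparsed_uri`, the request-target as the client sent it (query string included), with no escaping applied by the server, while the else branch runs `locn` through `ap_escape_uri`. Consider `locn = ap_escape_uri(r->pool, r->uri);` for the NULL case so both paths return a value the server encoded itself, or add a comment saying why the client's raw form is wanted here. The else branch also assumes every caller passes an unescaped `locn`; stating that in a comment on the function would guard against double-encoding if a caller passes an already-encoded URI. The code after this hunk is not shown, so confirm that wherever `locn` is written into the response body it is escaped for that context as well.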