From: Eric Covener Date: Thu, 16 Nov 2023 19:53:18 +0000 (+0000) Subject: mod_ldap: HTML-escape ldap-status handler. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fbc113c3cf43de7bf11b417f023ad2caf6b420a1;p=thirdparty%2Fapache%2Fhttpd.git mod_ldap: HTML-escape ldap-status handler. Reported by Chamal De Silva. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913855 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/changes-entries/ldap_status.txt b/changes-entries/ldap_status.txt
new file mode 100644
index 00000000000..94f352d908d
--- /dev/null
+++ b/changes-entries/ldap_status.txt
@@ -0,0 +1,2 @@
+ *) mod_ldap: HTML-escape data in the ldap-status handler.
+ [Eric Covener, Chamal De Silva]
diff --git a/modules/ldap/util_ldap_cache.c b/modules/ldap/util_ldap_cache.c
index 6a944daa843..70428789034 100644
--- a/modules/ldap/util_ldap_cache.c
+++ b/modules/ldap/util_ldap_cache.c
@@ -230,8 +230,8 @@ void util_ldap_search_node_display(request_rec *r, util_ald_cache_t *cache, void
 "%s"
 "%s"
 "",
- node->username,
- node->dn,
+ ap_escape_html(r->pool, node->username),
+ ap_escape_html(r->pool, node->dn),
 date_str);
 }
@@ -331,9 +331,9 @@ void util_ldap_compare_node_display(request_rec *r, util_ald_cache_t *cache, voi
 "%s"
 "%s"
 "",
- node->dn,
- node->attrib,
- node->value,
+ ap_escape_html(r->pool, node->dn),
+ ap_escape_html(r->pool, node->attrib),
+ ap_escape_html(r->pool, node->value),
 date_str,
 cmp_result,
 sub_groups_val,
@@ -391,8 +391,8 @@ void util_ldap_dn_compare_node_display(request_rec *r, util_ald_cache_t *cache,
 "%s"
 "%s"
 "",
- node->reqdn,
- node->dn);
+ ap_escape_html(r->pool, node->reqdn),
+ ap_escape_html(r->pool, node->dn));
 }
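Review bot: `ap_escape_html()` reads through its string argument, so in util_ldap_search_node_display a NULL `node->username` or `node->dn` would now be dereferenced, where before the pointer was only handed to the `%s` conversion. The same applies to the `dn`/`attrib`/`value` arguments in util_ldap_compare_node_display and the `reqdn`/`dn` arguments in util_ldap_dn_compare_node_display. The code that fills these node fields is outside the diff, so whether a cached node can ever hold NULL here is not visible. If it can, guard each call, e.g. `ap_escape_html(r->pool, node->dn ? node->dn : "")`; if it cannot, a one-line comment above each `ap_rprintf` call stating that invariant would make the change safe to maintain. Each function's body starts outside its hunk.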
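Review bot: In util_ldap_compare_node_display only the first three arguments are escaped; `date_str`, `cmp_result`, `sub_groups_val` and whatever follows them past the end of the hunk are still written into the status page as-is. How those values are built is outside the hunk; if they come only from fixed strings and formatted timestamps that is fine, but it should be stated, for example `/* dn, attrib and value hold directory/client data and are escaped; the remaining fields are server-generated */` above the call. If any of them can carry directory data, it needs the same `ap_escape_html(r->pool, ...)` wrapping.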