* Correctly escape the worker route and the worker redirect string in the HTML
output of the balancer manager. Reported by SecurityReason. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607275 13f79535-47bb-0310-9956-ffa450edef68
4
CHANGES
4
CHANGES
@@ -2,6 +2,10 @@
|
|||||||
Changes with Apache 2.3.0
|
Changes with Apache 2.3.0
|
||||||
[ When backported to 2.2.x, remove entry from this file ]
|
[ When backported to 2.2.x, remove entry from this file ]
|
||||||
|
|
||||||
|
*) mod_proxy_balancer: Correctly escape the worker route and the worker
|
||||||
|
redirect string in the HTML output of the balancer manager.
|
||||||
|
Reported by SecurityReason. [Ruediger Pluem]
|
||||||
|
|
||||||
*) Prevent crash in balancer manager if invalid balancer name is passed
|
*) Prevent crash in balancer manager if invalid balancer name is passed
|
||||||
as parameter. Reported by SecurityReason. [Ruediger Pluem]
|
as parameter. Reported by SecurityReason. [Ruediger Pluem]
|
||||||
|
|
||||||
|
@@ -803,8 +803,10 @@ static int balancer_handler(request_rec *r)
|
|||||||
ap_escape_uri(r->pool, worker->name),
|
ap_escape_uri(r->pool, worker->name),
|
||||||
"\">", NULL);
|
"\">", NULL);
|
||||||
ap_rvputs(r, worker->name, "</a></td>", NULL);
|
ap_rvputs(r, worker->name, "</a></td>", NULL);
|
||||||
ap_rvputs(r, "<td>", worker->s->route, NULL);
|
ap_rvputs(r, "<td>", ap_escape_html(r->pool, worker->s->route),
|
||||||
ap_rvputs(r, "</td><td>", worker->s->redirect, NULL);
|
NULL);
|
||||||
|
ap_rvputs(r, "</td><td>",
|
||||||
|
ap_escape_html(r->pool, worker->s->redirect), NULL);
|
||||||
ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor);
|
ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor);
|
||||||
ap_rprintf(r, "<td>%d</td><td>", worker->s->lbset);
|
ap_rprintf(r, "<td>%d</td><td>", worker->s->lbset);
|
||||||
if (worker->s->status & PROXY_WORKER_DISABLED)
|
if (worker->s->status & PROXY_WORKER_DISABLED)
|
||||||
@@ -842,10 +844,12 @@ static int balancer_handler(request_rec *r)
|
|||||||
ap_rputs("<tr><td>LB Set:</td><td><input name=\"ls\" type=text ", r);
|
ap_rputs("<tr><td>LB Set:</td><td><input name=\"ls\" type=text ", r);
|
||||||
ap_rprintf(r, "value=\"%d\"></td></tr>\n", wsel->s->lbset);
|
ap_rprintf(r, "value=\"%d\"></td></tr>\n", wsel->s->lbset);
|
||||||
ap_rputs("<tr><td>Route:</td><td><input name=\"wr\" type=text ", r);
|
ap_rputs("<tr><td>Route:</td><td><input name=\"wr\" type=text ", r);
|
||||||
ap_rvputs(r, "value=\"", wsel->s->route, NULL);
|
ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->route),
|
||||||
|
NULL);
|
||||||
ap_rputs("\"></td></tr>\n", r);
|
ap_rputs("\"></td></tr>\n", r);
|
||||||
ap_rputs("<tr><td>Route Redirect:</td><td><input name=\"rr\" type=text ", r);
|
ap_rputs("<tr><td>Route Redirect:</td><td><input name=\"rr\" type=text ", r);
|
||||||
ap_rvputs(r, "value=\"", wsel->s->redirect, NULL);
|
ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->redirect),
|
||||||
|
NULL);
|
||||||
ap_rputs("\"></td></tr>\n", r);
|
ap_rputs("\"></td></tr>\n", r);
|
||||||
ap_rputs("<tr><td>Status:</td><td>Disabled: <input name=\"dw\" value=\"Disable\" type=radio", r);
|
ap_rputs("<tr><td>Status:</td><td>Disabled: <input name=\"dw\" value=\"Disable\" type=radio", r);
|
||||||
if (wsel->s->status & PROXY_WORKER_DISABLED)
|
if (wsel->s->status & PROXY_WORKER_DISABLED)
|
||||||
|
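Review bot: In the first balancer_handler hunk, the unchanged line `ap_rvputs(r, worker->name, "</a></td>", NULL);` still writes worker->name into the table cell as raw HTML, even though the href directly above passes it through ap_escape_uri and this commit escapes the neighbouring route and redirect cells. The name presumably comes from configuration rather than from the request, so the exposure is likely smaller, but for consistent output encoding the line should read `ap_rvputs(r, ap_escape_html(r->pool, worker->name), "</a></td>", NULL);`. In the second hunk the escaped route and redirect values land inside a double-quoted `value="…"` attribute, which is only safe if ap_escape_html also encodes `"`; a short comment such as `/* attribute context: relies on ap_escape_html encoding the double quote */` would record that dependency. balancer_handler begins and ends outside both hunks, so other output sites in the function are not visible here and would be worth checking for the same pattern.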