www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

CVE-2012-3499

Browse Source 
add missing html escaping


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1418752 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2012-12-08 20:32:00 +00:00
parent 310a0975a5
commit d5b414c34d
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/ldap/util_ldap_cache_mgr.c
View File

@@ -604,7 +604,7 @@ char *util_ald_cache_display_stats(request_rec *r, util_ald_cache_t *cache, char
if (id) { if (id) {
buf2 = apr_psprintf(p, buf2 = apr_psprintf(p,
"<a href=\"%s?%s\">%s</a>", "<a href=\"%s?%s\">%s</a>",
r->uri, ap_escape_html(r->pool, ap_escape_uri(r->pool, r->uri)),
id, id,
name); name);
} }

3
modules/test/mod_policy.c
View File

@@ -1011,7 +1011,8 @@ static const char *set_type_url(cmd_parms *cmd, void *dconf, const char *url)
{ {
policy_conf *conf = dconf; policy_conf *conf = dconf;
conf->type_url = url; /* url is only used inside <a href="...">, escape accordingly */
conf->type_url = ap_escape_html(cmd->pool, url);
conf->type_url_set = 1; conf->type_url_set = 1;
return NULL; return NULL;