mod_ldap: HTML-escape ldap-status handler.

Reported by Chamal De Silva.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913855 13f79535-47bb-0310-9956-ffa450edef68

changes-entries/ldap_status.txt

@@ -0,0 +1,2 @@
+  *) mod_ldap: HTML-escape data in the ldap-status handler.
+     [Eric Covener, Chamal De Silva]

modules/ldap/util_ldap_cache.c

@@ -230,8 +230,8 @@ void util_ldap_search_node_display(request_rec *r, util_ald_cache_t *cache, void
                "<td nowrap>%s</td>"
                "<td nowrap>%s</td>"
                "</tr>",
-               node->username,
+               ap_escape_html(r->pool, node->username),
-               node->dn,
+               ap_escape_html(r->pool, node->dn),
                date_str);
 }
 
@@ -331,9 +331,9 @@ void util_ldap_compare_node_display(request_rec *r, util_ald_cache_t *cache, voi
                "<td nowrap>%s</td>"
                "<td nowrap>%s</td>"
                "</tr>",
-               node->dn,
+               ap_escape_html(r->pool, node->dn),
-               node->attrib,
+               ap_escape_html(r->pool, node->attrib),
-               node->value,
+               ap_escape_html(r->pool, node->value),
                date_str,
                cmp_result,
                sub_groups_val,
@@ -391,8 +391,8 @@ void util_ldap_dn_compare_node_display(request_rec *r, util_ald_cache_t *cache,
                "<td nowrap>%s</td>"
                "<td nowrap>%s</td>"
                "</tr>",
-               node->reqdn,
+               ap_escape_html(r->pool, node->reqdn),
-               node->dn);
+               ap_escape_html(r->pool, node->dn));
 }