Commit 07daaf56 authored Jun 26, 2013 by William A. Rowe Jr

mod_dav: Ensure URI is correctly uriencoded on return.

PR: 54611
Backports: r1476621
Submitted by: Timothy Wood <tjw omnigroup com>
Reviewed by: minfrin, trawick, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497121 13f79535-47bb-0310-9956-ffa450edef68

parent bc7aee4c

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		-- coding: utf-8 --
		Changes with Apache 2.2.25

		<<<<<<< .working
		*) SECURITY: CVE-2013-1862 (cve.mitre.org)
		mod_rewrite: Ensure that client data written to the RewriteLog is
		escaped to prevent terminal escape sequences from entering the
		@@ -21,6 +22,9 @@ Changes with Apache 2.2.25
		URI that is not configured for DAV will trigger a segfault. [Ben Reser
		<ben reser.org>]

		*) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
		[Timothy Wood <tjw omnigroup.com>]

		Changes with Apache 2.2.24

		*) SECURITY: CVE-2012-3499 (cve.mitre.org)

STATUS

+0 −6

Original line number	Diff line number	Diff line
		@@ -114,12 +114,6 @@ RELEASE SHOWSTOPPERS:
		PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
		[ start all new proposals below, under PATCHES PROPOSED. ]

		* mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
		[Timothy Wood <tjw omnigroup com>]
		trunk patch: http://svn.apache.org/r1476621
		2.2.x patch: trunk patch works (minus CHANGES)
		+1: minfrin, trawick, wrowe


		PATCHES PROPOSED TO BACKPORT FROM TRUNK:
		[ New proposals should be added at the end of the list ]

modules/dav/main/mod_dav.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -623,7 +623,9 @@ static int dav_created(request_rec r, const char locn, const char *what,
		const char *body;

		if (locn == NULL) {
		locn = r->uri;
		locn = r->unparsed_uri;
		} else {
		locn = ap_escape_uri(r->pool, locn);
		}

		/* did the target resource already exist? */