Commit 266b14a9 authored by Rainer Jung

Comment


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1446736 13f79535-47bb-0310-9956-ffa450edef68
parent 693f841f
+5 −0
@@ -204,6 +204,11 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     +1: rjung
     rpluem says: Now t/security/CVE-2005-3352.t fails. Not sure if this is a real
     regression or if just the test is wrong, but this should be investigated.
     rjung: The test sends a Referer '">http://fish/'.
            The original code returns '<a href="http://IP/&quot;&gt;http://fish/">'
            The patched code returns  '<a href="http://IP/%22%3ehttp://fish/">'
            This seems to be even better IMHO. 2.4 also returns the percent encoded
            variant, so the test should fail there as well.

PATCHES/ISSUES THAT ARE STALLED
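Review bot: In the added rjung reply, "so the test should fail there as well" reads as an inference about 2.4 rather than a recorded test run, and the entry does not say what is to happen with t/security/CVE-2005-3352.t. Since rpluem asked for the failure to be investigated, state whether the test was actually run against 2.4 and note that the test's expected output needs to accept the percent-encoded form, so that voters can see the question is closed. It would also help to say why the new output is acceptable instead of only "even better IMHO": in both quoted href values the '"' and '>' sent in the Referer no longer appear literally, only as &quot;&gt; in the original code and as %22%3e in the patched code.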