Commit fa5aa33b authored by Rainer Jung's avatar Rainer Jung
Browse files

- various mods: host and URI escaping: 

  Be sure to escape potential troubled strings,
  add missing html escaping
- const fixes for mod_imagemap

Submitted by: jim, sf, covener
Backported by: rjung
Reviewed by: rpluem, wrowe

Backport of r1413732, r1418752, r1416889, r1422234 and r1422253
from trunk resp. r1418941 and r1425750 from 2.4.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1447390 13f79535-47bb-0310-9956-ffa450edef68
parent 4c6dcf9a

CHANGES

+4 −0
Original line number Diff line number Diff line 
                                                         -*- coding: utf-8 -*-

Changes with Apache 2.2.24



  *) mod_status, mod_info, mod_proxy_ftp, mod_proxy_balancer, mod_imagemap,

     mod_ldap: Improve escaping of hostname and URIs HTML output.

     [Jim Jagielski, Stefan Fritsch]



  *) mod_ssl: Send the error message for speaking http to an https port using

     HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when

     using SNI. PR 50823. [Stefan Fritsch]

STATUS

+0 −12
Original line number Diff line number Diff line
@@ -94,18 +94,6 @@ RELEASE SHOWSTOPPERS: 
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:

  [ start all new proposals below, under PATCHES PROPOSED. ]



   * various mods: host and URI escaping. Includes needed constification

     fix for mod_imagemap.

     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1413732

                  http://svn.apache.org/viewvc?view=revision&revision=1418752

                  http://svn.apache.org/viewvc?view=revision&revision=1416889

                  http://svn.apache.org/viewvc?view=revision&revision=1422234

                  http://svn.apache.org/viewvc?view=revision&revision=1422253

     2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1418941

                  http://svn.apache.org/viewvc?view=revision&revision=1425750

     2.2.x patch: http://people.apache.org/~rjung/patches/host-and-uri-escaping-2_2.patch

     +1: rjung, rpluem, wrowe



PATCHES PROPOSED TO BACKPORT FROM TRUNK:

  [ New proposals should be added at the end of the list ]

modules/generators/mod_info.c

+2 −1
Original line number Diff line number Diff line
@@ -371,7 +371,8 @@ static int show_server_settings(request_rec * r) 
               MODULE_MAGIC_NUMBER_MINOR);

    ap_rprintf(r,

               "<dt><strong>Hostname/port:</strong> "

               "<tt>%s:%u</tt></dt>\n", ap_get_server_name(r),

               "<tt>%s:%u</tt></dt>\n",

               ap_escape_html(r->pool, ap_get_server_name(r)),

               ap_get_server_port(r));

    ap_rprintf(r,

               "<dt><strong>Timeouts:</strong> "

modules/generators/mod_status.c

+2 −1
Original line number Diff line number Diff line
@@ -409,7 +409,8 @@ static int status_handler(request_rec *r) 
                 "<html><head>\n<title>Apache Status</title>\n</head><body>\n",

                 r);

        ap_rputs("<h1>Apache Server Status for ", r);

        ap_rvputs(r, ap_get_server_name(r), "</h1>\n\n", NULL);

        ap_rvputs(r, ap_escape_html(r->pool, ap_get_server_name(r)),

                  "</h1>\n\n", NULL);

        ap_rvputs(r, "<dl><dt>Server Version: ",

                  ap_get_server_description(), "</dt>\n", NULL);

        ap_rvputs(r, "<dt>Server Built: ",

modules/ldap/util_ldap_cache_mgr.c

+1 −1
Original line number Diff line number Diff line
@@ -541,7 +541,7 @@ char *util_ald_cache_display_stats(request_rec *r, util_ald_cache_t *cache, char 
    if (id) {

        buf2 = apr_psprintf(p,

                 "<a href=\"%s?%s\">%s</a>",

             r->uri,

             ap_escape_html(r->pool, ap_escape_uri(r->pool, r->uri)),

             id,

             name);

    }