freebsd-ports/russian/apache13-modssl/files/patch-secfix-CAN-2005-3352
2006-01-03 17:31:56 +00:00

35 lines
899 B
Text

--- src/main/util.c (original)
+++ src/main/util.c Mon Dec 12 08:36:54 2005
@@ -1722,6 +1722,8 @@
j += 3;
else if (s[i] == '&')
j += 4;
+ else if (s[i] == '"')
+ j += 5;
if (j == 0)
return ap_pstrndup(p, s, i);
@@ -1739,6 +1741,10 @@
else if (s[i] == '&') {
memcpy(&x[j], "&", 5);
j += 4;
+ }
+ else if (s[i] == '"') {
+ memcpy(&x[j], """, 6);
+ j += 5;
}
else
x[j] = s[i];
--- src/modules/standard/mod_imap.c (original)
+++ src/modules/standard/mod_imap.c Mon Dec 12 08:36:54 2005
@@ -328,7 +328,7 @@
if (!strcasecmp(value, "referer")) {
referer = ap_table_get(r->headers_in, "Referer");
if (referer && *referer) {
- return ap_pstrdup(r->pool, referer);
+ return ap_escape_html(r->pool, referer);
}
else {
/* XXX: This used to do *value = '\0'; ... which is totally bogus