35 lines
1 KiB
Text
35 lines
1 KiB
Text
--- modules/mappers/mod_imagemap.c (original)
|
|
+++ modules/mappers/mod_imagemap.c Mon Dec 12 09:27:59 2005
|
|
@@ -342,7 +342,7 @@
|
|
if (!strcasecmp(value, "referer")) {
|
|
referer = apr_table_get(r->headers_in, "Referer");
|
|
if (referer && *referer) {
|
|
- return apr_pstrdup(r->pool, referer);
|
|
+ return ap_escape_html(r->pool, referer);
|
|
}
|
|
else {
|
|
/* XXX: This used to do *value = '\0'; ... which is totally bogus
|
|
|
|
--- server/util.c (original)
|
|
+++ server/util.c Mon Dec 12 09:27:59 2005
|
|
@@ -1748,6 +1748,8 @@
|
|
j += 3;
|
|
else if (s[i] == '&')
|
|
j += 4;
|
|
+ else if (s[i] == '"')
|
|
+ j += 5;
|
|
|
|
if (j == 0)
|
|
return apr_pstrmemdup(p, s, i);
|
|
@@ -1765,6 +1767,10 @@
|
|
else if (s[i] == '&') {
|
|
memcpy(&x[j], "&", 5);
|
|
j += 4;
|
|
+ }
|
|
+ else if (s[i] == '"') {
|
|
+ memcpy(&x[j], """, 6);
|
|
+ j += 5;
|
|
}
|
|
else
|
|
x[j] = s[i];
|
|
|