granicus.if.org Git - apache/commit

author	Stefan Fritsch <sf@apache.org>
	Tue, 3 Jul 2012 19:44:22 +0000 (19:44 +0000)
committer	Stefan Fritsch <sf@apache.org>
	Tue, 3 Jul 2012 19:44:22 +0000 (19:44 +0000)
commit	8289f720d38fb918426bc8aeaf953dba85b795ed
tree	0f9eb22a08ad4b25ae659ad0f17fd504b1848f90	tree \| snapshot
parent	7ea08695916ad50a8e78fe8586e33ea4e6126247	commit \| diff

Merge r1349905:
    SECURITY: CVE-2012-2687 (cve.mitre.org):

    mod_negotiation: Escape filenames in variant list to prevent an
    possible XSS for a site where untrusted users can upload files to a
    location with MultiViews enabled.

    * modules/mappers/mod_negotiation.c (make_variant_list): Escape
      filenames in variant list.

    Submitted by: Niels Heinen <heinenn google.com>

Reviewed by: covener, jorton, sf

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1356889 13f79535-47bb-0310-9956-ffa450edef68

CHANGES		diff \| blob \| history
STATUS		diff \| blob \| history
modules/mappers/mod_negotiation.c		diff \| blob \| history