* Prevent XSS attacks when using wildcards in the path of the FTP URL

author Ruediger Pluem <rpluem@apache.org>

Tue, 5 Aug 2008 19:00:04 +0000 (19:00 +0000)

committer Ruediger Pluem <rpluem@apache.org>

Tue, 5 Aug 2008 19:00:04 +0000 (19:00 +0000)
author Ruediger Pluem <rpluem@apache.org>
Tue, 5 Aug 2008 19:00:04 +0000 (19:00 +0000)
committer Ruediger Pluem <rpluem@apache.org>
Tue, 5 Aug 2008 19:00:04 +0000 (19:00 +0000)
diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c

index e2350f4768596a8f018c8f8de5b09af54e162ce6..31a9ae3de96bdf33d15c743535eccb2a2b0d2c50 100644 (file)
--- a/modules/proxy/mod_proxy_ftp.c
+++ b/modules/proxy/mod_proxy_ftp.c
@@ -390,6 +390,7 @@ static apr_status_t proxy_send_dir_filter(ap_filter_t *f,
                                                             c->bucket_alloc));
          }
          if (wildcard != NULL) {
+            wildcard = ap_escape_html(p, wildcard);
              APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard,
                                                             strlen(wildcard), p,
                                                             c->bucket_alloc));
author	Ruediger Pluem <rpluem@apache.org>
	Tue, 5 Aug 2008 19:00:04 +0000 (19:00 +0000)
committer	Ruediger Pluem <rpluem@apache.org>
	Tue, 5 Aug 2008 19:00:04 +0000 (19:00 +0000)