mod_speling/PR 38923: don't embed Referer in link in error page.
Submitted by: niq
Reviewed by: niq, ylavic, elukey
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808856 13f79535-47bb-0310-9956-ffa450edef68
main configuration file (httpd.conf) to register HTTP methods before the
.htaccess files. [Yann Ylavic]
+ *) mod_speling: Don't embed referer data in a link in error page.
+ PR 38923 [Nick Kew]
+
*) htdigest: prevent a buffer overflow when a string exceeds the allowed max
length in a password file.
[Luca Toscano, Hanno Böck <hanno hboeck de>]
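Review bot: The added CHANGES entry spells the header as lowercase "referer", while the commit subject and the STATUS entry use "Referer"; use the header's capitalised name here too. The entry could also state what the error page shows instead (the referring URL as escaped text rather than a link), since that is the change an administrator will notice.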
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_speling: Don't embed Referer data in link in error page.
- trunk patch: http://svn.apache.org/r1808780
- 2.4.x: trunk patch applies
- +1: niq, ylavic, elukey
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
if (ref != NULL) {
*(const char **)apr_array_push(t) =
"Please consider informing the owner of the "
- "<a href=\"";
- *(const char **)apr_array_push(t) = ap_escape_uri(sub_pool, ref);
- *(const char **)apr_array_push(t) = "\">referring page</a> "
- "about the broken link.\n";
+ "referring page <tt>";
+ *(const char **)apr_array_push(t) = ap_escape_html(sub_pool, ref);
+ *(const char **)apr_array_push(t) =
+ "</tt> about the broken link.\n";
}
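Review bot: The added lines that push ap_escape_html(sub_pool, ref) between "referring page <tt>" and "</tt>" carry no comment explaining why the value is shown as text rather than as a link, so a later cleanup could reintroduce the anchor. Add a short comment above `if (ref != NULL)` noting that ref is deliberately kept out of an href (PR 38923) and is passed through ap_escape_html because it is now emitted as element text. Separately, ref is still echoed at full length in these lines; consider capping the displayed length so a very long value cannot dominate the error page.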