From: Joe Orton Date: Thu, 8 Aug 2019 14:00:03 +0000 (+0000) Subject: * modules/proxy/mod_proxy_balancer.c (balancer_display_page): X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8a339ed1ec4d0cb9e0b0d0ae7ad5e4ac8d55c09f;p=apache * modules/proxy/mod_proxy_balancer.c (balancer_display_page): Add more HTML-escaping. Submitted by: Niels Heinen git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864703 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index ca00f56238..0ff3feb244 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -1407,7 +1407,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
 /* Start proxy_balancer */
 ap_rvputs(r, " ", balancer->s->name, "\n", NULL);
 if (*balancer->s->sticky) {
- ap_rvputs(r, " ", balancer->s->sticky,
+ ap_rvputs(r, " ", ap_escape_html(r->pool, balancer->s->sticky),
 "\n", NULL);
 ap_rprintf(r,
 " %s\n",
@@ -1617,10 +1617,10 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
 for (i = 0; i < conf->balancers->nelts; i++) {
 ap_rputs("
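Review bot: `balancer->s->name` is still written raw into the XML output on the context line two lines above the changed `ap_rvputs` call in the -1407 hunk, although this commit escapes the same field as `ap_escape_html(r->pool, bsel->s->name)` in the -1790 hunk. The -1617 hunk has the same gap in the status heading, where `balancer->s->name` and `balancer->s->sname` are passed to `ap_rvputs` unescaped. Whether these names can only come from trusted configuration is not visible in this diff, so for consistency I would pass `ap_escape_html(r->pool, balancer->s->name)` (and likewise for `sname`) at both places. balancer_display_page starts and ends outside these hunks.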
\n

LoadBalancer Status for ", r); - ap_rvputs(r, "", NULL); + "\">", NULL); ap_rvputs(r, balancer->s->name, " [",balancer->s->sname, "]

\n", NULL); ap_rputs("\n\n" "" @@ -1631,11 +1631,11 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, balancer->max_workers - (int)storage->num_free_slots(balancer->wslot)); if (*balancer->s->sticky) { if (strcmp(balancer->s->sticky, balancer->s->sticky_path)) { - ap_rvputs(r, "\n", NULL); ap_rvputs(r, "", apr_time_as_msec(worker->s->interval)); ap_rprintf(r, "", worker->s->passes,worker->s->pcount); ap_rprintf(r, "", worker->s->fails, worker->s->fcount); - ap_rprintf(r, "", worker->s->hcuri); + ap_rprintf(r, "", ap_escape_html(r->pool, worker->s->hcuri)); ap_rprintf(r, "\n", r); @@ -1714,20 +1714,20 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, if (wsel && bsel) { ap_rputs("

Edit worker settings for ", r); ap_rvputs(r, (*wsel->s->uds_path?"":""), ap_proxy_worker_name(r->pool, wsel), (*wsel->s->uds_path?"":""), "

\n", NULL); - ap_rputs("\n", NULL); + ap_rputs("pool, action), "\">\n", NULL); ap_rputs("
MaxMembersStickySessionDisableFailoverTimeoutFailoverAttemptsMethod", balancer->s->sticky, " | ", - balancer->s->sticky_path, NULL); + ap_rvputs(r, "", ap_escape_html(r->pool, balancer->s->sticky), " | ", + ap_escape_html(r->pool, balancer->s->sticky_path), NULL); } else { - ap_rvputs(r, "", balancer->s->sticky, NULL); + ap_rvputs(r, "", ap_escape_html(r->pool, balancer->s->sticky), NULL); } } else { @@ -1670,12 +1670,12 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, for (n = 0; n < balancer->workers->nelts; n++) { char fbuf[50]; worker = *workers; - ap_rvputs(r, "
", NULL); + "\">", NULL); ap_rvputs(r, (*worker->s->uds_path ? "" : ""), ap_proxy_worker_name(r->pool, worker), (*worker->s->uds_path ? "" : ""), "", ap_escape_html(r->pool, worker->s->route), @@ -1697,7 +1697,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, ap_rprintf(r, "%" APR_TIME_T_FMT "ms%d (%d)%d (%d)%s%s%s", worker->s->hcexpr); } ap_rputs("
\n", (float)(wsel->s->lbfactor)/100.0); ap_rputs("\n", wsel->s->lbset); ap_rputs("\n", r); + ap_rputs("\">\n", r); ap_rputs("\n", r); + ap_rputs("\">\n", r); ap_rputs("", r); ap_rputs("\n", r); } ap_rputs("\n", r); ap_rvputs(r, "
Load factor:
LB Set:
Route:
Route Redirect:
Status:" "" @@ -1772,15 +1772,15 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, ap_rprintf(r, "\n", wsel->s->fails); ap_rprintf(r, "\n", ap_escape_html(r->pool, wsel->s->hcuri)); + "value=\"%s\">\n", ap_escape_html(r->pool, wsel->s->hcuri)); ap_rputs("
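Review bot: `ap_proxy_worker_name(r->pool, wsel)` is written unescaped into the "Edit worker settings for" heading in the -1714 hunk, although the fields around it now go through `ap_escape_html`. The worker table row in the -1670 hunk has the same raw call directly before the escaped `worker->s->route`, and `worker->s->hcexpr` is printed raw in the -1697 hunk next to the newly escaped `hcuri`. The "Add New Worker" field in the -1816 hunk suggests worker names are not purely static configuration, so I would treat them as untrusted output: `ap_escape_html(r->pool, ap_proxy_worker_name(r->pool, wsel))` and `ap_escape_html(r->pool, worker->s->hcexpr)`. How a name is validated when a worker is added is not visible in this diff.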
Ignore Errors
Fails trigger)
HC uri
\n
\n\n", NULL); + ap_rvputs(r, "value=\"", ap_escape_uri(r->pool, wsel->s->name), "\">\n", NULL); ap_rvputs(r, "\n", NULL); + ap_rvputs(r, "value=\"", ap_escape_html(r->pool, bsel->s->name + sizeof(BALANCER_PREFIX) - 1), + "\">\n", NULL); ap_rvputs(r, "\n", NULL); ap_rputs("\n", r); @@ -1790,9 +1790,9 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, const ap_list_provider_names_t *pname; int i; ap_rputs("
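Review bot: The worker-name field value in the -1772 hunk is built with `ap_escape_uri(r->pool, wsel->s->name)`, while every other value this commit touches goes through `ap_escape_html`, and nothing on the line says why. Percent-encoding is not HTML attribute escaping: ap_escape_uri does not encode `&` or `'`, so the value is only contained because the attribute is now double-quoted. If the form handler expects the percent-encoded name (not visible in this diff), a comment such as `/* URI-escaped on purpose: the handler unescapes it; must stay inside a double-quoted attribute */` would record that. Otherwise `ap_escape_html(r->pool, wsel->s->name)` would match the sibling fields.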

Edit balancer settings for ", r); - ap_rvputs(r, bsel->s->name, "

\n", NULL); - ap_rputs("
\n", NULL); + ap_rvputs(r, ap_escape_html(r->pool, bsel->s->name), "\n", NULL); + ap_rputs("pool, action), "\">\n", NULL); ap_rputs("\n", r); provs = ap_list_provider_names(r->pool, PROXY_LBMETHOD, "0"); if (provs) { @@ -1816,13 +1816,13 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, ap_rputs("\n", r); ap_rputs("\n", r); + ap_rputs("\">    (Use '-' to delete)\n", r); if (storage->num_free_slots(bsel->wslot) != 0) { ap_rputs("\n", r); ap_rvputs(r, "
Sticky Session:s->sticky, bsel->s->sticky_path)) { - ap_rvputs(r, "value ='", bsel->s->sticky, " | ", - bsel->s->sticky_path, NULL); + ap_rvputs(r, "value =\"", ap_escape_html(r->pool, bsel->s->sticky), " | ", + ap_escape_html(r->pool, bsel->s->sticky_path), NULL); } else { - ap_rvputs(r, "value ='", bsel->s->sticky, NULL); + ap_rvputs(r, "value =\"", ap_escape_html(r->pool, bsel->s->sticky), NULL); } - ap_rputs("'>    (Use '-' to delete)
Add New Worker:" "    Are you sure? " @@ -1830,8 +1830,8 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, } ap_rputs("
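Review bot: The switch from `value ='` to `value =\"` on the sticky-session input in the -1816 hunk is what makes `ap_escape_html` sufficient there, and that dependency deserves a comment. ap_escape_html encodes `<`, `>`, `&` and `"` but not `'`, so a single-quoted attribute would not be protected by the escaping alone. I would add above these `ap_rvputs` calls something like `/* keep this attribute double-quoted: ap_escape_html() does not encode single quotes */`, so that a later cleanup does not revert the quoting. The `value=\"` attributes on the new lines of the -1772 and -1830 hunks rely on the same property.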
\n\n", NULL); + ap_rvputs(r, "value=\"", ap_escape_html(r->pool, bsel->s->name + sizeof(BALANCER_PREFIX) - 1), + "\">\n", NULL); ap_rvputs(r, "\n", NULL); ap_rputs("
\n", r);