From: Ruediger Pluem
Date: Thu, 12 Mar 2009 09:29:53 +0000 (+0000)
Subject: * Escape pathes of filenames in 406 responses to avoid HTML injections and
X-Git-Tag: 2.3.2~15
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d38a0de056b18e94678f9dffcf8980f7586f9c7d;p=apache
* Escape pathes of filenames in 406 responses to avoid HTML injections and HTTP response splitting.
PR: 46837
Submitted by: Geoff Keating
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@752812 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index cb9028c29c..b8ae180508 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.3.2
+ *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
+ HTML injections and HTTP response splitting. PR 46837.
+ [Geoff Keating ]
+
 *) mod_ssl: add support for type-safe STACK constructs in OpenSSL development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
diff --git a/modules/mappers/mod_negotiation.c b/modules/mappers/mod_negotiation.c
index 923cc05029..976c598e74 100644
--- a/modules/mappers/mod_negotiation.c
+++ b/modules/mappers/mod_negotiation.c
@@ -2530,7 +2530,7 @@ static void set_neg_headers(request_rec *r, negotiation_state *neg,
 /* Generate the string components for this Alternates entry */
 *((const char **) apr_array_push(arr)) = "{\"";
- *((const char **) apr_array_push(arr)) = variant->file_name;
+ *((const char **) apr_array_push(arr)) = ap_escape_path_segment(r->pool, variant->file_name);
 *((const char **) apr_array_push(arr)) = "\" ";
 qstr = (char *) apr_palloc(r->pool, 6);
@@ -2804,7 +2804,7 @@ static int setup_choice_response(request_rec *r, negotiation_state *neg,
 }
 apr_table_setn(r->err_headers_out, "Content-Location",
- apr_pstrdup(r->pool, variant->file_name));
+ ap_escape_path_segment(r->pool, variant->file_name));
 set_neg_headers(r, neg, alg_choice); /* add Alternates and Vary */
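Review bot: ap_escape_path_segment() percent-encodes `/` and `%` as well as CR, LF and `"`, so the Alternates entry on the `+` line in the set_neg_headers hunk is only equivalent to the old output when variant->file_name is a single bare segment with no pre-encoded bytes; a type-map `URI:` value carrying a relative path such as `sub/page.html` would now be emitted as `sub%2Fpage.html`, which a client resolves as a different resource, and an existing `%20` becomes `%2520`. If slashes must survive, `ap_os_escape_path(r->pool, variant->file_name, 0)` still neutralises CR/LF, quotes and angle brackets while keeping `/`; if file_name is known to be a plain directory entry (the MultiViews case), the single-segment form is the stricter choice and that assumption deserves a comment, e.g. `/* file_name may come from a type map: encode CR/LF and quotes so the quoted-string cannot break the header line (PR 46837) */`. set_neg_headers begins before this hunk and continues after it.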
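Review bot: The commit title promises protection against HTML injection, but both hunks escape only header values (Alternates and, on this `+` line, Content-Location); the HTML variant list that mod_negotiation stores for the 406 body is built elsewhere in this file and is not in this diff, so if it still writes variant->file_name and the variant description into `<a href=...>` text, it needs `ap_escape_html(r->pool, ...)` on the visible text and the same path escaping inside the href. Swapping apr_pstrdup for ap_escape_path_segment is safe with apr_table_setn, since the escaper returns a fresh r->pool string, so the header value keeps request-pool lifetime. The same `/`→`%2F` caveat as in the Alternates hunk applies to Content-Location if file_name can hold a relative path. setup_choice_response begins before this hunk and continues after it.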