From: Jim Jagielski
Date: Tue, 19 Sep 2017 10:18:43 +0000 (+0000)
Subject: Merge r1808780 from trunk:
X-Git-Tag: 2.4.28~13
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e62d64dd92834e7a34d64970f2249eccd647de28;p=apache

Merge r1808780 from trunk:

mod_speling/PR 38923: don't embed Referer in link in error page.

Submitted by: niq
Reviewed by: niq, ylavic, elukey

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808856 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES index c6b3bcaedb..4ecb2748e3 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,9 @@ Changes with Apache 2.4.28 main configuration file (httpd.conf) to register HTTP methods before the .htaccess files. [Yann Ylavic] + *) mod_speling: Don't embed referer data in a link in error page. + PR 38923 [Nick Kew] + *) htdigest: prevent a buffer overflow when a string exceeds the allowed max length in a password file. [Luca Toscano, Hanno Böck ] diff --git a/STATUS b/STATUS index 6aa0a9f5a6..fb3348fed7 100644 --- a/STATUS +++ b/STATUS @@ -115,10 +115,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_speling: Don't embed Referer data in link in error page. - trunk patch: http://svn.apache.org/r1808780 - 2.4.x: trunk patch applies - +1: niq, ylavic, elukey PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/mappers/mod_speling.c b/modules/mappers/mod_speling.c index a9f36516e9..3e97423255 100644 --- a/modules/mappers/mod_speling.c +++ b/modules/mappers/mod_speling.c 
@@ -488,10 +488,10 @@ static int check_speling(request_rec *r) if (ref != NULL) { *(const char **)apr_array_push(t) = "Please consider informing the owner of the " - "referring page " - "about the broken link.\n"; + "referring page "; + *(const char **)apr_array_push(t) = ap_escape_html(sub_pool, ref); + *(const char **)apr_array_push(t) = + " about the broken link.\n"; }
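Review bot: in the check_speling() hunk of modules/mappers/mod_speling.c, the new push of ap_escape_html(sub_pool, ref) carries no comment saying why the Referer is now printed as escaped text rather than linked, so a later cleanup could reintroduce the link. A one-line comment above that push citing PR 38923 would record the intent. The value is also echoed at whatever length the client sent it, with no truncation in the lines shown; consider whether the error page should bound it.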
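Review bot: in the CHANGES hunk, the new entry writes the header name as "referer" in lower case, while the STATUS entry removed by this same commit and the commit subject both write "Referer". Use the header's own capitalisation in the changelog line so that a search for the header name finds it.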