From: Ruediger Pluem Date: Fri, 16 May 2014 18:54:19 +0000 (+0000) Subject: * Correctly escape user provided data. X-Git-Tag: 2.5.0-alpha~4195 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f17e7e5e1094c44848f3f37a8cf4517985f4f7f1;p=apache * Correctly escape user provided data. PR: 56532 Submitted by: Maksymilian Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1595305 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 7a1601222f..e87e784ab6 100644 --- a/CHANGES +++ b/CHANGES @@ -1,18 +1,21 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 - + + *) mod_proxy_balancer: Correctly encode user provided data in management + interface. PR 56532 [Maksymilian, ] + *) mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:" scheme. PR55320. [Alex Liu ] - + *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection to resume. PR56333 [Artem , Edward Lu ] - + *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener] *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous processing mode. [Eric Covener] - + *) mod_proxy_fcgi: Fix occasional high CPU when handling request bodies. [Jeff Trawick] diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c index c927d3bf6e..acfd3861de 100644 --- a/modules/proxy/mod_proxy_balancer.c +++ b/modules/proxy/mod_proxy_balancer.c @@ -1602,7 +1602,7 @@ static int balancer_handler(request_rec *r) ap_rputs("

Edit balancer settings for ", r); ap_rvputs(r, bsel->s->name, "

\n", NULL); ap_rputs("
\n", NULL); + ap_rvputs(r, ap_escape_uri(r->pool, action), "'>\n", NULL); ap_rputs("
\n\n", r); provs = ap_list_provider_names(r->pool, PROXY_LBMETHOD, "0"); if (provs) {
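Review bot: in the CHANGES hunk, several -/+ pairs replace one blank line with another (after "Changes with Apache 2.5.0" and between the existing mod_proxy_wstunnel, core and mod_proxy_fcgi entries), which looks like whitespace-only churn unrelated to the escaping fix. Suggest limiting the hunk to the new mod_proxy_balancer entry and moving any whitespace cleanup to a separate commit, so the security fix is easier to backport and audit. The new entry also writes "PR 56532" where the neighbouring entries use "PR55320" and "PR56333"; pick one form.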
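Review bot: in the balancer_handler() hunk of modules/proxy/mod_proxy_balancer.c, the added ap_rvputs() line runs action through ap_escape_uri(), but the literal written right after it is "'>", so the value lands inside a single-quoted HTML attribute and the escaping has to be safe for that context, not only for a URI path. Please confirm that ap_escape_uri() encodes the single quote (and the other characters that matter inside an attribute), or add a short comment saying why URI escaping is sufficient at this call site. The context line above also writes bsel->s->name through ap_rvputs() with no escaping; if that name can ever carry request-derived data it needs the same treatment, and if it cannot, a comment saying so would help the next reader. A regression test that requests the management page with markup characters in the URL and checks the emitted form tag would keep this from coming back.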