Diffstat (limited to 'www/apache22/patches/patch-ao')
-rw-r--r-- | www/apache22/patches/patch-ao | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/www/apache22/patches/patch-ao b/www/apache22/patches/patch-ao
deleted file mode 100644
index bc54349ac39..00000000000
--- a/www/apache22/patches/patch-ao
+++ /dev/null
@@ -1,44 +0,0 @@
-$NetBSD: patch-ao,v 1.1 2007/06/28 01:20:52 lkundrak Exp $
-
-Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on.
-
---- modules/generators/mod_status.c.orig 2007-06-28 01:54:44.000000000 +0200
-+++ modules/generators/mod_status.c
-@@ -270,7 +270,7 @@ static int status_handler(request_rec *r
- if (r->method_number != M_GET)
- return DECLINED;
-
-- ap_set_content_type(r, "text/html");
-+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
-
- /*
- * Simple table-driven form data set parser that lets you alter the header
-@@ -299,7 +299,7 @@ static int status_handler(request_rec *r
- no_table_report = 1;
- break;
- case STAT_OPT_AUTO:
-- ap_set_content_type(r, "text/plain");
-+ ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
- short_report = 1;
- break;
- }
-@@ -673,7 +673,8 @@ static int status_handler(request_rec *r
- ap_escape_html(r->pool,
- ws_record->client),
- ap_escape_html(r->pool,
-- ws_record->request),
-+ ap_escape_logitem(r->pool,
-+ ws_record->request)),
- ap_escape_html(r->pool,
- ws_record->vhost));
- }
-@@ -763,7 +764,8 @@ static int status_handler(request_rec *r
- ap_escape_html(r->pool,
- ws_record->vhost),
- ap_escape_html(r->pool,
-- ws_record->request));
-+ ap_escape_logitem(r->pool,
-+ ws_record->request)));
- } /* no_table_report */
- } /* for (j...) */
- } /* for (i...) */ |