Diffstat (limited to 'www/apache22/patches/patch-ao')
-rw-r--r--www/apache22/patches/patch-ao44
1 files changed, 0 insertions, 44 deletions
diff --git a/www/apache22/patches/patch-ao b/www/apache22/patches/patch-ao
deleted file mode 100644
index bc54349ac39..00000000000
--- a/www/apache22/patches/patch-ao
+++ /dev/null
@@ -1,44 +0,0 @@
-$NetBSD: patch-ao,v 1.1 2007/06/28 01:20:52 lkundrak Exp $
-
-Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on.
-
---- modules/generators/mod_status.c.orig 2007-06-28 01:54:44.000000000 +0200
-+++ modules/generators/mod_status.c
-@@ -270,7 +270,7 @@ static int status_handler(request_rec *r
- if (r->method_number != M_GET)
- return DECLINED;
-
-- ap_set_content_type(r, "text/html");
-+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
-
- /*
- * Simple table-driven form data set parser that lets you alter the header
-@@ -299,7 +299,7 @@ static int status_handler(request_rec *r
- no_table_report = 1;
- break;
- case STAT_OPT_AUTO:
-- ap_set_content_type(r, "text/plain");
-+ ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
- short_report = 1;
- break;
- }
-@@ -673,7 +673,8 @@ static int status_handler(request_rec *r
- ap_escape_html(r->pool,
- ws_record->client),
- ap_escape_html(r->pool,
-- ws_record->request),
-+ ap_escape_logitem(r->pool,
-+ ws_record->request)),
- ap_escape_html(r->pool,
- ws_record->vhost));
- }
-@@ -763,7 +764,8 @@ static int status_handler(request_rec *r
- ap_escape_html(r->pool,
- ws_record->vhost),
- ap_escape_html(r->pool,
-- ws_record->request));
-+ ap_escape_logitem(r->pool,
-+ ws_record->request)));
- } /* no_table_report */
- } /* for (j...) */
- } /* for (i...) */