$NetBSD: patch-as,v 1.6 2007/06/28 00:43:36 lkundrak Exp $
Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on.
--- src/modules/standard/mod_status.c.orig 2007-06-28 02:39:31.000000000 +0200
+++ src/modules/standard/mod_status.c 2007-06-28 02:44:25.000000000 +0200
@@ -221,7 +221,7 @@ static int status_handler(request_rec *r
if (r->method_number != M_GET)
return DECLINED;
- r->content_type = "text/html";
+ r->content_type = "text/html; charset=ISO-8859-1";
/*
* Simple table-driven form data set parser that lets you alter the header
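Review bot: Neither content-type assignment records why the charset is now pinned, so a later cleanup could drop it again; this applies to the `text/html` line here and to the `STAT_OPT_AUTO` case in the next hunk. A comment above the first assignment would preserve the intent, for example `/* explicit charset: do not let the browser guess the encoding of request text echoed in this page (CVE-2006-5752) */`. The charset literal is also repeated in two string constants, so a single `#define` for the suffix would keep the two response types in step. The body of status_handler continues outside this hunk.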
@@ -247,7 +247,7 @@ static int status_handler(request_rec *r
no_table_report = 1;
break;
case STAT_OPT_AUTO:
- r->content_type = "text/plain";
+ r->content_type = "text/plain; charset=ISO-8859-1";
short_report = 1;
break;
}
@@ -591,7 +591,7 @@ static int status_handler(request_rec *r
ap_rputs(")\n", r);
ap_rprintf(r, " %s {%s} [%s]
\n\n",
ap_escape_html(r->pool, score_record.client),
- ap_escape_html(r->pool, score_record.request),
+ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)),
vhost ? ap_escape_html(r->pool,
vhost->server_hostname) : "(unavailable)");
}
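Review bot: The client and host fields are escaped inconsistently across this patch. Here `score_record.client` and `vhost->server_hostname` go through `ap_escape_html`, while the context lines of the hunk at -686 show the same two values passed to `ap_rprintf` raw. If the client string can carry a resolved hostname (not visible from here), the table report should wrap them the same way, e.g. `ap_escape_html(r->pool, score_record.client),`. Separately, the added line in that later hunk ends in `)))` with no `;` before `#else` as shown, where the removed line had `));`, so it is worth confirming against the applied file. A short comment on the nested call, such as `/* logitem-escape first (non-printables become \xHH), then HTML-escape */`, would explain why the order matters.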
@@ -686,14 +686,14 @@ static int status_handler(request_rec *r
"\n\n",
score_record.client,
vhost ? vhost->server_hostname : "(unavailable)",
- ap_escape_html(r->pool, score_record.request));
+ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)))
#else
ap_rprintf(r,
"