httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: cvs commit: httpd-2.0/server core.c util_script.c
Date Wed, 02 Oct 2002 22:20:50 GMT
On 2 Oct 2002 wrowe@apache.org wrote:

>   Index: util_script.c
>   ===================================================================
>   RCS file: /home/cvs/httpd-2.0/server/util_script.c,v
>   retrieving revision 1.79
>   retrieving revision 1.80
>   diff -u -r1.79 -r1.80
>   --- util_script.c	23 Jun 2002 06:15:03 -0000	1.79
>   +++ util_script.c	2 Oct 2002 21:35:57 -0000	1.80
>   @@ -266,7 +266,8 @@
>
>        apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
>        apr_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
>   -    apr_table_addn(e, "SERVER_NAME", ap_get_server_name(r));
>   +    apr_table_addn(e, "SERVER_NAME",
>   +                   ap_escape_html(r->pool, ap_get_server_name(r)));
>        apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip);	/* Apache */
>        apr_table_addn(e, "SERVER_PORT",
>    		  apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
>

Lets not encode env variables, as we discussed earlier.

Escaping them is bogus and doesn't solve anything since there are all
sorts of variables that aren't and shouldn't be encoded.


Mime
View raw message