httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r603282 - /httpd/httpd/trunk/modules/mappers/mod_imagemap.c
Date Tue, 11 Dec 2007 16:02:24 GMT
Author: jorton
Date: Tue Dec 11 08:02:23 2007
New Revision: 603282

URL: http://svn.apache.org/viewvc?rev=603282&view=rev
Log:
Fix CVE-2007-5000:

* modules/mappers/mod_imagemap.c (menu_header): Fix
  cross-site-scripting issue by escaping the URI, and ensure that a
  charset parameter is sent in the content-type to prevent
  autodetection by broken browsers.

Reported by: JPCERT

Modified:
    httpd/httpd/trunk/modules/mappers/mod_imagemap.c

Modified: httpd/httpd/trunk/modules/mappers/mod_imagemap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?rev=603282&r1=603281&r2=603282&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_imagemap.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_imagemap.c Tue Dec 11 08:02:23 2007
@@ -479,13 +479,16 @@
 
 static void menu_header(request_rec *r, char *menu)
 {
-    ap_set_content_type(r, "text/html");
+    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
 
-    ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ", r->uri,
-           "</title>\n</head><body>\n", NULL);
+    ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ", 
+              ap_escape_html(r->pool, r->uri),
+              "</title>\n</head><body>\n", NULL);
 
     if (!strcasecmp(menu, "formatted")) {
-        ap_rvputs(r, "<h1>Menu for ", r->uri, "</h1>\n<hr />\n\n", NULL);
+        ap_rvputs(r, "<h1>Menu for ", 
+                  ap_escape_html(r->pool, r->uri),
+                  "</h1>\n<hr />\n\n", NULL);
     }
 
     return;



Mime
View raw message