httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r603714 - in /httpd/httpd/branches/2.0.x: CHANGES modules/http/http_protocol.c
Date Wed, 12 Dec 2007 19:46:43 GMT
Author: wrowe
Date: Wed Dec 12 11:46:43 2007
New Revision: 603714

URL: http://svn.apache.org/viewvc?rev=603714&view=rev
Log:
Revert r603712 which was prematurely committed (leave the STATUS
mop-up in place)

Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/modules/http/http_protocol.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=603714&r1=603713&r2=603714&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Wed Dec 12 11:46:43 2007
@@ -5,10 +5,6 @@
      mod_imagemap: Fix a cross-site scripting issue.  Reported by JPCERT.
      [Joe Orton]  
 
-  *) http_protocol: Escape request method in 413 error reporting.
-     Determined to be not generally exploitable, but a flaw in any case.
-     PR 44014 [Victor Stinner <victor.stinner inl.fr>]
-
 Changes with Apache 2.0.61
 
   *) SECURITY: CVE-2007-3847 (cve.mitre.org)
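
Review bot: The entry removed at the top of this hunk describes the fix only as "413 error reporting", but the http_protocol.c change in the same commit also touches the "case HTTP_LENGTH_REQUIRED:" branch, which is the 411 response. When the escaping fix is committed again, the restored CHANGES entry should name both error pages so that changelog readers can tell which responses were affected.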

Modified: httpd/httpd/branches/2.0.x/modules/http/http_protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/http/http_protocol.c?rev=603714&r1=603713&r2=603714&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/http/http_protocol.c (original)
+++ httpd/httpd/branches/2.0.x/modules/http/http_protocol.c Wed Dec 12 11:46:43 2007
@@ -2200,7 +2200,7 @@
     case HTTP_LENGTH_REQUIRED:
         s1 = apr_pstrcat(p,
                          "<p>A request of the requested method ",
-                         ap_escape_html(r->pool, r->method),
+                         r->method,
                          " requires a valid Content-length.<br />\n",
                          NULL);
         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
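
Review bot: r->method goes back into the HTTP_LENGTH_REQUIRED error body unescaped at the changed line of this apr_pstrcat() call. The method token comes from the client's request line and the resulting string is HTML handed to add_optional_notes(), so it should pass through ap_escape_html(r->pool, r->method) as the removed line did. If the revert is only procedural, as the log message indicates, the escaped form needs to come back with the re-commit rather than be dropped.
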
@@ -2247,7 +2247,7 @@
                            "The requested resource<br />",
                            ap_escape_html(r->pool, r->uri), "<br />\n",
                            "does not allow request data with ",
-                           ap_escape_html(r->pool, r->method),
+                           r->method,
                            " requests, or the amount of data provided in\n"
                            "the request exceeds the capacity limit.\n",
                            NULL));
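
Review bot: Within this one apr_pstrcat() call, r->uri is still wrapped in ap_escape_html(r->pool, r->uri) two lines above the changed line, while r->method is now inserted raw. Both values are derived from the request and land in the same HTML body, so they should be treated the same way; keep ap_escape_html(r->pool, r->method) here when the change is re-applied.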


