torsten at apache
Apr 1, 2009, 8:39 AM
Post #1 of 1
(639 views)
Permalink
|
|
svn commit: r760926 - in /perl/modperl/trunk: Changes lib/Apache2/Status.pm
|
|
Author: torsten
Date: Wed Apr 1 15:39:56 2009
New Revision: 760926
URL: http://svn.apache.org/viewvc?rev=760926&view=rev
Log:
Fix an XSS bug in Apache2::Status.
Modified:
perl/modperl/trunk/Changes
perl/modperl/trunk/lib/Apache2/Status.pm
Modified: perl/modperl/trunk/Changes
URL: http://svn.apache.org/viewvc/perl/modperl/trunk/Changes?rev=760926&r1=760925&r2=760926&view=diff
==============================================================================
--- perl/modperl/trunk/Changes (original)
+++ perl/modperl/trunk/Changes Wed Apr 1 15:39:56 2009
@@ -12,6 +12,9 @@
=item 2.0.5-dev
+Fix an XSS issue in Apache2::Status reported by Richard J. Brain
+<richard[at]procheckup.com>. [Torsten Foertsch]
+
Add NOTICE file to the distribution. [Joe Schaefer]
Make sure Apache2::RequestIO::read doesn't clear the buffer on end of
Modified: perl/modperl/trunk/lib/Apache2/Status.pm
URL: http://svn.apache.org/viewvc/perl/modperl/trunk/lib/Apache2/Status.pm?rev=760926&r1=760925&r2=760926&view=diff
==============================================================================
--- perl/modperl/trunk/lib/Apache2/Status.pm (original)
+++ perl/modperl/trunk/lib/Apache2/Status.pm Wed Apr 1 15:39:56 2009
@@ -29,7 +29,7 @@
use Apache2::Const -compile => qw(OK);
-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
+$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
use constant IS_WIN32 => ($^O eq "MSWin32");
@@ -126,7 +126,7 @@
$r->print(symdump($r, $qs));
}
else {
- my $uri = $r->uri;
+ my $uri = $r->location;
$r->print('<p>');
$r->print(
map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
@@ -198,7 +198,7 @@
sub status_inc {
my ($r) = @_;
- my $uri = $r->uri;
+ my $uri = $r->location;
my @retval = (
'<table border="1">',
"<tr>",
@@ -289,7 +289,7 @@
my ($r) = @_;
local $_;
- my $uri = $r->uri;
+ my $uri = $r->location;
my $cache = __PACKAGE__->registry_cache;
my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
@@ -765,7 +765,7 @@
my ($self, $package, $r) = @_;
my @m = qw(<table>);
- my $uri = $r->uri;
+ my $uri = $r->location;
my $is_main = $package eq "main";
my $do_dump = has($r, "dumper");
|
