Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ModPerl: ModPerl-cvs

svn commit: r761081 - in /perl/modperl/branches/1.x: Changes lib/Apache/Status.pm

 

 

ModPerl modperl-cvs RSS feed   Index | Next | Previous | View Threaded


phred at apache

Apr 1, 2009, 2:57 PM

Post #1 of 1 (2436 views)
Permalink
svn commit: r761081 - in /perl/modperl/branches/1.x: Changes lib/Apache/Status.pm

Author: phred
Date: Wed Apr 1 21:57:52 2009
New Revision: 761081

URL: http://svn.apache.org/viewvc?rev=761081&view=rev
Log:
Fix XSS vulnerability in Apache::Status reported by
Richard J. Brain, CVE-2009-0796

Modified:
perl/modperl/branches/1.x/Changes
perl/modperl/branches/1.x/lib/Apache/Status.pm

Modified: perl/modperl/branches/1.x/Changes
URL: http://svn.apache.org/viewvc/perl/modperl/branches/1.x/Changes?rev=761081&r1=761080&r2=761081&view=diff
==============================================================================
--- perl/modperl/branches/1.x/Changes (original)
+++ perl/modperl/branches/1.x/Changes Wed Apr 1 21:57:52 2009
@@ -10,6 +10,10 @@

=item 1.31-dev

+Fix XSS vulnerability in Apache::Status reported by
+Richard J. Brain, CVE-2009-0796
+[Fred Moyer]
+
On Win32, mod_perl.h needs to include <malloc.h> before the perl
headers, at least when built with USE_ITHREADS
[Steve Hay]

Modified: perl/modperl/branches/1.x/lib/Apache/Status.pm
URL: http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?rev=761081&r1=761080&r2=761081&view=diff
==============================================================================
--- perl/modperl/branches/1.x/lib/Apache/Status.pm (original)
+++ perl/modperl/branches/1.x/lib/Apache/Status.pm Wed Apr 1 21:57:52 2009
@@ -72,7 +72,7 @@
$r->print(symdump($r, $newQ->($r), $qs));
}
else {
- my $uri = $r->uri;
+ my $uri = $r->location;
$r->print(
map { qq[<a href="$uri?$_">$status{$_}</a><br>\n] } keys %status
);
@@ -140,7 +140,7 @@
sub status_inc {
my($r,$q) = @_;
my(@retval, $module, $v, $file);
- my $uri = $r->uri;
+ my $uri = $r->location;
push @retval, "<table border=1>";
push @retval,
"<tr>",
@@ -198,7 +198,7 @@
my($r,$q) = @_;
my(@retval);
local $_;
- my $uri = $r->uri;
+ my $uri = $r->location;
my $cache = __PACKAGE__->registry_cache;
push @retval, "<b>Click on package name to see its symbol table</b><p>\n";
foreach (sort keys %$cache) {

ModPerl modperl-cvs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.