openSUSE:Evergreen:Maintenance:310
apache2.openSUSE_Evergreen_11.4
httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff
File httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff of Package apache2.openSUSE_Evergreen_11.4
diff -rNU 30 ../httpd-2.2.12-o/modules/proxy/mod_proxy_ftp.c ./modules/proxy/mod_proxy_ftp.c --- ../httpd-2.2.12-o/modules/proxy/mod_proxy_ftp.c 2013-03-26 17:17:33.000000000 +0100 +++ ./modules/proxy/mod_proxy_ftp.c 2013-03-26 19:19:45.000000000 +0100 
@@ -338,61 +338,64 @@ *type++ = '\0'; (void)decodeenc(path); while (path[1] == '/') /* collapse multiple leading slashes to one */ ++path; reldir = strrchr(path, '/'); if (reldir != NULL && ftp_check_globbingchars(reldir)) { wildcard = &reldir[1]; reldir[0] = '\0'; /* strip off the wildcard suffix */ } /* Copy path, strip (all except the last) trailing slashes */ /* (the trailing slash is needed for the dir component loop below) */ path = dir = apr_pstrcat(p, path, "/", NULL); for (n = strlen(path); n > 1 && path[n - 1] == '/' && path[n - 2] == '/'; --n) path[n - 1] = '\0'; /* Add a link to the root directory (if %2f hack was used) */ str = (basedir[0] != '\0') ? "<a href=\"/%2f/\">%2f</a>/" : ""; /* print "ftp://host/" */ escpath = ap_escape_html(p, path); str = apr_psprintf(p, DOCTYPE_HTML_3_2 "<html>\n <head>\n <title>%s%s%s</title>\n" "<base href=\"%s%s%s\">\n" " </head>\n" " <body>\n <h2>Directory of " "<a href=\"/\">%s</a>/%s", - site, basedir, escpath, site, basedir, escpath, site, str); + ap_escape_html(p, site), basedir, escpath, + ap_escape_uri(p, site), basedir, escpath, + ap_escape_uri(p, site), str); + APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str), p, c->bucket_alloc)); for (dir = path+1; (dir = strchr(dir, '/')) != NULL; ) { *dir = '\0'; if ((reldir = strrchr(path+1, '/'))==NULL) { reldir = path+1; } else ++reldir; /* print "path/" component */ str = apr_psprintf(p, "<a href=\"%s%s/\">%s</a>/", basedir, ap_escape_uri(p, path), ap_escape_html(p, reldir)); *dir = '/'; while (*dir == '/') ++dir; APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str), p, c->bucket_alloc)); } if (wildcard != NULL) { wildcard = ap_escape_html(p, wildcard); APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard, strlen(wildcard), p, c->bucket_alloc)); }
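Review bot: In the added argument lines, the third `site` fills the link text of `<a href=\"/\">%s</a>` but is escaped with `ap_escape_uri`, while the same value in `<title>` gets `ap_escape_html`. That position is element text, not a URL, so any character `ap_escape_uri` percent-encodes will be shown encoded in the "Directory of" heading; `ap_escape_html(p, site)` would match the context, as the path-component loop below already does with `ap_escape_html(p, reldir)` for its link text. If the URI form is intentional there, a short comment saying so would help. Separately, `basedir` still goes into both `<title>` and `<base href>` unescaped. The visible lines only show it being tested against `'\0'`, not where it is assigned, so it is worth confirming (and noting in a comment) that it can only hold a fixed string. Minor: `ap_escape_uri(p, site)` is evaluated twice for the same input and could be computed once next to `escpath`, and the lone `+` blank line before `APR_BRIGADE_INSERT_TAIL` is unrelated whitespace that could be dropped from the patch.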