Ugh, this means we'll need mp1 rc7. Sorry Gozer, I owe you another
martini :)
--- Begin Message ---
Author: phred
Date: Wed Apr 1 21:57:52 2009
New Revision: 761081
URL: http://svn.apache.org/viewvc?rev=761081&view=rev
Log:
Fix XSS vulnerability in Apache::Status reported by
Richard J. Brain, CVE-2009-0796
Modified:
perl/modperl/branches/1.x/Changes
perl/modperl/branches/1.x/lib/Apache/Status.pm
Modified: perl/modperl/branches/1.x/Changes
URL:
http://svn.apache.org/viewvc/perl/modperl/branches/1.x/Changes?rev=761081&r1=761080&r2=761081&view=diff
==============================================================================
--- perl/modperl/branches/1.x/Changes (original)
+++ perl/modperl/branches/1.x/Changes Wed Apr 1 21:57:52 2009
@@ -10,6 +10,10 @@
=item 1.31-dev
+Fix XSS vulnerability in Apache::Status reported by
+Richard J. Brain, CVE-2009-0796
+[Fred Moyer]
+
On Win32, mod_perl.h needs to include <malloc.h> before the perl
headers, at least when built with USE_ITHREADS
[Steve Hay]
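Review bot: The new 1.31-dev entry names the CVE and the reporter but not what was changed, so a reader of Changes cannot tell that the fix is in how Apache::Status builds its self-referencing links. Consider adding a short clause, for example that links are now built from the configured location instead of the request URI, so administrators can judge their exposure without reading the diff.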
Modified: perl/modperl/branches/1.x/lib/Apache/Status.pm
URL:
http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?rev=761081&r1=761080&r2=761081&view=diff
==============================================================================
--- perl/modperl/branches/1.x/lib/Apache/Status.pm (original)
+++ perl/modperl/branches/1.x/lib/Apache/Status.pm Wed Apr 1 21:57:52 2009
@@ -72,7 +72,7 @@
$r->print(symdump($r, $newQ->($r), $qs));
}
else {
- my $uri = $r->uri;
+ my $uri = $r->location;
$r->print(
map { qq[<a href="$uri?$_">$status{$_}</a><br>\n] } keys %status
);
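Review bot: In the else branch, $uri is still interpolated raw into qq[<a href="$uri?$_">...], so the fix rests entirely on $r->location never containing HTML-significant characters. Because the location comes from configuration rather than from the request, this closes the reported path, but HTML-escaping $uri (and $_) at the point of output would keep the markup safe whatever the source of the value. It is also worth confirming that the generated links still resolve when the handler is not mounted under a plain <Location> path.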
@@ -140,7 +140,7 @@
sub status_inc {
my($r,$q) = @_;
my(@retval, $module, $v, $file);
- my $uri = $r->uri;
+ my $uri = $r->location;
push @retval, "<table border=1>";
push @retval,
"<tr>",
@@ -198,7 +198,7 @@
my($r,$q) = @_;
my(@retval);
local $_;
- my $uri = $r->uri;
+ my $uri = $r->location;
my $cache = __PACKAGE__->registry_cache;
push @retval, "<b>Click on package name to see its symbol table</b><p>\n";
foreach (sort keys %$cache) {
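Review bot: The assignment my $uri = $r->location; carries no comment explaining why the request URI is avoided here, and with the same substitution made by hand in three subs a later cleanup could easily revert one of them. A one-line comment at the assignment, or a small shared helper that returns the link base, would record the intent. The commit also touches only Changes and Status.pm, so a regression test asserting that extra path text in the request is not echoed into the status page would help keep the fix in place.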
--- End Message ---