It's to avoid double escaping...

On Nov 26, 2012, at 1:38 PM, Nick Kew <[email protected]> wrote:
> On Mon, 26 Nov 2012 17:18:57 -0000 > [email protected] wrote: > > >> ============================================================================== >> --- httpd/httpd/trunk/modules/mappers/mod_imagemap.c (original) >> +++ httpd/httpd/trunk/modules/mappers/mod_imagemap.c Mon Nov 26 17:18:54 2012 >> @@ -338,7 +338,7 @@ static char *imap_url(request_rec *r, co >> if (!strcasecmp(value, "referer")) { >> referer = apr_table_get(r->headers_in, "Referer"); >> if (referer && *referer) { >> - return ap_escape_html(r->pool, referer); >> + return referer; >> } > > Isn't this the opposite change to the others? And a case that looks > at first glance to be potentially exploitable from a third-party site? > > > -- > Nick Kew >
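Review bot: in the `referer` branch of `imap_url()`, the new `return referer;` hands back the raw `Referer` request header, which is client-supplied, so the change is only safe if every caller of `imap_url()` escapes the result exactly once before it reaches HTML output. Nothing in this hunk shows where that escaping happens. Please add a comment at this return naming the place that performs the escaping, and confirm that no caller uses the returned value in a response without it. If any caller does not escape, keep `ap_escape_html(r->pool, referer)` here and remove the duplicate escape at the other site instead.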
