GitHub user dchokshi opened a pull request:
https://github.com/apache/trafficserver/pull/436
TS-4145 Fix cross-site scripting exploits in error messages.
Address potential cross-site scripting exploits in the
following files:
1.) Replace the variable psh with epsh in files:
proxy/config/body_factory/default/redirect#moved_temporarily
proxy/config/body_factory/default/redirect#moved_permanently
2.) Variable cqh in proxy/config/body_factory/default/access#redirect_url
should be replaced with ecqh. However the files appears unutilized in
ATS 6.0.0, hence remove from Makefile alltogether.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/dchokshi/trafficserver TS-4145
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/436.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #436
----
commit 379f6f508ddd8dfce9a952dcd2bdcbd52ee11f5a
Author: dchokshi <[email protected]>
Date: 2016-01-22T20:51:56Z
TS-4145 Fix cross-site scripting exploits in error messages.
Address potential cross-site scripting exploits in the
following files:
1.) Replace the variable psh with epsh in files:
proxy/config/body_factory/default/redirect#moved_temporarily
proxy/config/body_factory/default/redirect#moved_permanently
2.) Variable cqh in proxy/config/body_factory/default/access#redirect_url
should be replaced with ecqh. However the files appears unutilized in
ATS 6.0.0, hence remove from Makefile alltogether.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
