stas 2004/10/05 15:30:26
Modified: lib/Apache Status.pm . Changes Log: escape HTML in dumped variables by Apache::Status Submitted by: Markus Wichitill <[EMAIL PROTECTED]> Revision Changes Path 1.30 +13 -1 modperl-2.0/lib/Apache/Status.pm
Index: Status.pm
===================================================================
RCS file: /home/cvs/modperl-2.0/lib/Apache/Status.pm,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -u -r1.29 -r1.30
--- Status.pm 28 Sep 2004 03:42:39 -0000 1.29
+++ Status.pm 5 Oct 2004 22:30:26 -0000 1.30
@@ -363,7 +363,8 @@
 }
 push @retval, "\n</p>\n";
 push @retval, "<pre>",
- (map "$_ = " . ($ENV{$_}||'') . "\n", sort keys %ENV), "</pre>";
+ (map "$_ = " . escape_html($ENV{$_}||'') . "\n",
+ sort keys %ENV), "</pre>";
 [EMAIL PROTECTED];
 }
@@ -409,6 +410,7 @@
 no strict 'refs';
 my @retval = "<p>\nData Dump of $name $type\n</p>\n<pre>\n";
 my $str = Data::Dumper->Dump([*$name{$type}], ['*'.$name]);
+ $str = escape_html($str);
 $str =~ s/= \\/= /; #whack backwack
 push @retval, $str, "\n";
 push @retval, peek_link($r, $q, $name, $type);
@@ -826,6 +828,16 @@
 push @m, "</table>";
 return join "\n", @m, "<hr>", b_package_size_link($r, $q, $package);
+}
+
+sub escape_html {
+ my $str = shift;
+
+ $str =~ s/&/&/g;
+ $str =~ s/</</g;
+ $str =~ s/>/>/g;
+
+ return $str;
 }
 sub myconfig {
1.509 +3 -0 modperl-2.0/Changes
Index: Changes
===================================================================
RCS file: /home/cvs/modperl-2.0/Changes,v
retrieving revision 1.508
retrieving revision 1.509
diff -u -u -r1.508 -r1.509
--- Changes 4 Oct 2004 19:27:37 -0000 1.508
+++ Changes 5 Oct 2004 22:30:26 -0000 1.509
@@ -12,6 +12,9 @@
 =item 1.99_17-dev
+escape HTML in dumped variables by Apache::Status [Markus Wichitill
+<[EMAIL PROTECTED]>]
+
 $r->document_root can now be changed when safe to do so [Gozer]
 APR::Bucket->new now requires an APR::BucketAlloc as its first argument.
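Review bot: In the `%ENV` dump of the first Status.pm hunk only the value passes through `escape_html`; the key `$_` is still interpolated raw into the `<pre>` block. Whether a key can ever carry markup depends on how the environment is populated, which this hunk does not show, but escaping both sides removes the question: `(map escape_html($_) . " = " . escape_html($ENV{$_}||'') . "\n",`. The enclosing sub starts outside the hunk.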
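Review bot: The heading line `"<p>\nData Dump of $name $type\n</p>\n<pre>\n"` in the second Status.pm hunk still interpolates `$name` and `$type` unescaped, while only the Data::Dumper output below it is escaped. Where those two variables come from is outside the hunk; if they are derived from the request they need the same treatment, for example `my @retval = "<p>\nData Dump of " . escape_html("$name $type") . "\n</p>\n<pre>\n";`. Running `escape_html` before the `s/= \\/= /` cleanup is fine, since the two steps rewrite different characters.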
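Review bot: `escape_html` handles `&`, `<` and `>` only, which is enough for the `<pre>` text it is applied to in this commit but not for attribute values, and nothing on the sub says so; a header comment such as `# Escapes &, < and > for element content only; quotes are left alone, so do not use the result inside an attribute value.` would keep later callers from over-trusting it. If it is meant as a general helper, add `$str =~ s/"/&quot;/g;` after the `>` substitution. As rendered on this page the replacement sides read the same as the patterns, which looks like entity text lost by the archive rather than the committed code, so it is worth checking against the repository. An undef argument would also warn under `use warnings`, though both call sites in this commit pass a defined string.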