Author: phred Date: Wed Apr 1 21:57:52 2009 New Revision: 761081 URL: http://svn.apache.org/viewvc?rev=761081&view=rev Log: Fix XSS vulnerability in Apache::Status reported by Richard J. Brain, CVE-2009-0796
Modified: perl/modperl/branches/1.x/Changes perl/modperl/branches/1.x/lib/Apache/Status.pm Modified: perl/modperl/branches/1.x/Changes URL: http://svn.apache.org/viewvc/perl/modperl/branches/1.x/Changes?rev=761081&r1=761080&r2=761081&view=diff ============================================================================== --- perl/modperl/branches/1.x/Changes (original) +++ perl/modperl/branches/1.x/Changes Wed Apr 1 21:57:52 2009 @@ -10,6 +10,10 @@ =item 1.31-dev +Fix XSS vulnerability in Apache::Status reported by +Richard J. Brain, CVE-2009-0796 +[Fred Moyer] + On Win32, mod_perl.h needs to include <malloc.h> before the perl headers, at least when built with USE_ITHREADS [Steve Hay] Modified: perl/modperl/branches/1.x/lib/Apache/Status.pm URL: http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?rev=761081&r1=761080&r2=761081&view=diff ============================================================================== --- perl/modperl/branches/1.x/lib/Apache/Status.pm (original) +++ perl/modperl/branches/1.x/lib/Apache/Status.pm Wed Apr 1 21:57:52 2009 @@ -72,7 +72,7 @@ $r->print(symdump($r, $newQ->($r), $qs)); } else { - my $uri = $r->uri; + my $uri = $r->location; $r->print( map { qq[<a href="$uri?$_">$status{$_}</a><br>\n] } keys %status ); @@ -140,7 +140,7 @@ sub status_inc { my($r,$q) = @_; my(@retval, $module, $v, $file); - my $uri = $r->uri; + my $uri = $r->location; push @retval, "<table border=1>"; push @retval, "<tr>", @@ -198,7 +198,7 @@ my($r,$q) = @_; my(@retval); local $_; - my $uri = $r->uri; + my $uri = $r->location; my $cache = __PACKAGE__->registry_cache; push @retval, "<b>Click on package name to see its symbol table</b><p>\n"; foreach (sort keys %$cache) {
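Review bot: In the three Status.pm hunks (the menu at `@@ -72`, `status_inc` at `@@ -140`, and the hunk at `@@ -198`) `$uri` is still interpolated into `href` attributes with no HTML encoding, so the fix depends entirely on `$r->location` never carrying request-controlled text. Nothing on the new lines records that dependency, and a later change back to `$r->uri` would reopen CVE-2009-0796. I would add a comment above each assignment, such as `# XSS (CVE-2009-0796): use the configured location, not $r->uri, which includes client-supplied path info; $uri is written into HTML unescaped`, and encoding `$uri` where it is emitted would make the output safe whatever its source. What `$r->location` returns when the handler is mounted under a pattern-matched section is not visible here and should be confirmed, since the generated links now point at it instead of the requested URI. The enclosing subs start or end outside all three hunks, so other uses of request data in them cannot be judged from this diff.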