Author: phred
Date: Wed Apr  1 21:57:52 2009
New Revision: 761081

URL: http://svn.apache.org/viewvc?rev=761081&view=rev
Log:
Fix XSS vulnerability in Apache::Status reported by 
Richard J. Brain, CVE-2009-0796

Modified:
    perl/modperl/branches/1.x/Changes
    perl/modperl/branches/1.x/lib/Apache/Status.pm

Modified: perl/modperl/branches/1.x/Changes
URL: 
http://svn.apache.org/viewvc/perl/modperl/branches/1.x/Changes?rev=761081&r1=761080&r2=761081&view=diff
==============================================================================
--- perl/modperl/branches/1.x/Changes (original)
+++ perl/modperl/branches/1.x/Changes Wed Apr  1 21:57:52 2009
@@ -10,6 +10,10 @@
 
 =item 1.31-dev
 
+Fix XSS vulnerability in Apache::Status reported by 
+Richard J. Brain, CVE-2009-0796
+[Fred Moyer]
+
 On Win32, mod_perl.h needs to include <malloc.h> before the perl
 headers, at least when built with USE_ITHREADS
 [Steve Hay]

Modified: perl/modperl/branches/1.x/lib/Apache/Status.pm
URL: 
http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?rev=761081&r1=761080&r2=761081&view=diff
==============================================================================
--- perl/modperl/branches/1.x/lib/Apache/Status.pm (original)
+++ perl/modperl/branches/1.x/lib/Apache/Status.pm Wed Apr  1 21:57:52 2009
@@ -72,7 +72,7 @@
        $r->print(symdump($r, $newQ->($r), $qs));
     }
     else {
-       my $uri = $r->uri;
+       my $uri = $r->location;
        $r->print(
            map { qq[<a href="$uri?$_">$status{$_}</a><br>\n] } keys %status
         );
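Review bot: `$uri` is still interpolated into the `href` attribute without HTML escaping on the `map { qq[<a href="$uri?$_">...] }` line, so the fix rests entirely on `$r->location` being a configuration value rather than request data. Escaping at the point of output would keep the page safe if the source of `$uri` changes again, e.g. `my $uri = Apache::Util::escape_html($r->location);`, assuming Apache::Util is loaded in this module (the imports are outside the hunk). The same applies to the `my $uri = $r->location;` lines in status_inc and in the registry-cache sub in the two later hunks. The menu key `$_` and label `$status{$_}` are also emitted raw; they presumably come from code that registers menu items rather than from the request, but that is worth confirming. The enclosing sub starts and ends outside this hunk.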
@@ -140,7 +140,7 @@
 sub status_inc {
     my($r,$q) = @_;
     my(@retval, $module, $v, $file);
-    my $uri = $r->uri;
+    my $uri = $r->location;
     push @retval, "<table border=1>";
     push @retval, 
     "<tr>", 
@@ -198,7 +198,7 @@
     my($r,$q) = @_;
     my(@retval);
     local $_;
-    my $uri = $r->uri;
+    my $uri = $r->location;
     my $cache = __PACKAGE__->registry_cache;
     push @retval, "<b>Click on package name to see its symbol table</b><p>\n";
     foreach (sort keys %$cache) {
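Review bot: Nothing at the assignment records why `$r->location` is used instead of `$r->uri`, so a later cleanup could restore the request-derived value. A comment such as `# use the configured <Location> path, not $r->uri, which includes request-supplied path info (CVE-2009-0796)` above `my $uri = $r->location;` here and in the other two hunks would prevent that. Separately, if the handler is mounted under a pattern-based section such as `<LocationMatch>`, `$r->location` may return the pattern rather than a usable URL path, which would break the generated links; this is worth checking or documenting as a configuration limit. The sub's signature and the rest of the loop are outside this hunk.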

