[Mldonkey-users] [PATCH] HTTP: fix XSS in error handler (#32929)

mldonkey-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Mldonkey-users] [PATCH] HTTP: fix XSS in error handler (#32929)

From:	ygrek
Subject:	[Mldonkey-users] [PATCH] HTTP: fix XSS in error handler (#32929)
Date:	Sun, 27 Mar 2011 23:53:16 +0300

diff --git src/utils/net/http_server.ml src/utils/net/http_server.ml
index 0642431..3190e73 100644
--- src/utils/net/http_server.ml
+++ src/utils/net/http_server.ml
@@ -240,8 +240,8 @@ let error_page code from_ip from_port my_ip my_port reason =
                 | Some Blocked -> Printf.sprintf "IP %s is blocked, its part 
of the used IP blocklist " from_ip
                 | _ -> "")
     | "404" -> "Not found", Printf.sprintf "The requested URL %swas not found 
on this server."
-                             (match reason with Some (Url_not_found url) -> 
url ^ " " | _ -> "")
-    | _ -> Printf.sprintf "Unknown error %s" code, ""
+                             (match reason with Some (Url_not_found url) -> 
html_escaped url ^ " " | _ -> "")
+    | _ -> Printf.sprintf "Unknown error %s" (html_escaped code), ""
   in
   let reject_message = Printf.sprintf
 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>
-- 
1.7.2.5

[Prev in Thread]

Current Thread

[Next in Thread]

[Mldonkey-users] [PATCH] HTTP: fix XSS in error handler (#32929), ygrek <=

Prev by Date: [Mldonkey-users] [patch #7506] BT/DHT: show stats, choose random port
Next by Date: [Mldonkey-users] [patch #7495] Fix compilation of Ocaml 3.12.0 with recent binutils
Previous by thread: [Mldonkey-users] [patch #7506] [PATCH] BT/DHT: show stats, choose random port
Next by thread: [Mldonkey-users] [patch #7517] HTTP: fix XSS in error handler
Index(es):
- Date
- Thread