Changeset 258

Timestamp:
04/04/06 10:27:50 (3 years ago)
Author:
alo
Message:

--

Files:

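--- a/cherokee/branches/0.5/ChangeLog
+++ b/cherokee/branches/0.5/ChangeLog
@@ -1,3 +1,10 @@
+2006-04-04  Alvaro Lopez Ortega  <alvaro@alobbs.com>
+
+        * cherokee/handler_error.c (build_hardcoded_response_page): Fixed
+        Cross Site Scripting bug discovered by Ruben Garrote Garcia.
+
 2006-04-01  Alvaro Lopez Ortega  <alvaro@alobbs.com>
+
+        * cherokee/util.c (cherokee_gethostbyname): Fixes segfault.
 
         * cherokee/connection.c (get_host): Little clean up.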
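--- a/cherokee/branches/0.5/cherokee/handler_error.c
+++ b/cherokee/branches/0.5/cherokee/handler_error.c
@@ -71,5 +71,6 @@
 build_hardcoded_response_page (cherokee_connection_t *cnt, cherokee_buffer_t *buffer)
 {
-        cuint_t port;
+        cuint_t            port;
+        cherokee_buffer_t *escaped = NULL;
 
         cherokee_buffer_add_str (buffer, "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">" CRLF);
@@ -107,5 +108,10 @@
                 cherokee_buffer_add_str (buffer, 
                                          "Your browser sent a request that this server could not understand.");
-                cherokee_buffer_add_va (buffer, "<p><pre>%s</pre>", cnt->header.input_buffer->buf);
+
+                cherokee_buffer_escape_html (cnt->header.input_buffer, &escaped);
+                if (escaped == NULL)
+                        cherokee_buffer_add_va (buffer, "<p><pre>%s</pre>", cnt->header.input_buffer->buf);
+                else
+                        cherokee_buffer_add_va (buffer, "<p><pre>%s</pre>", escaped->buf);
                 break;
         case http_access_denied: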
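Review bot: The `escaped == NULL` branch (new lines 112-113) still writes `cnt->header.input_buffer->buf` into the error page unescaped, and the return value of `cherokee_buffer_escape_html` is ignored, so the fix holds only if the helper leaves `escaped` NULL exclusively when the input has nothing to escape. If NULL can also mean the helper failed, the raw request would be echoed again; I would capture the return code, fall back to the raw buffer only on an explicit nothing-to-escape result, and omit the `<pre>` block on any error. `escaped` is also not released in the visible lines; if the helper allocates it, a `cherokee_buffer_free (escaped);` is needed before `break`, unless that happens later in the function, which continues outside the hunk.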
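--- a/cherokee/branches/0.5/cherokee/header.c
+++ b/cherokee/branches/0.5/cherokee/header.c
@@ -450,5 +450,5 @@
                 /* Add the host header
                  */
-                add_known_header (hdr, header_host, begin - buf->buf, dir - host);
+                add_known_header (hdr, header_host, host - buf->buf, dir - host);
                 
                 /* Fix the URL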
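Review bot: Nothing in this hunk shows that `dir` is non-NULL and lies at or after `host` before `dir - host` is passed as the Host header length, and both values are pointer differences taken inside the request buffer. If that is not guaranteed earlier in the function (which starts and ends outside the hunk), a guard such as `if (dir == NULL || dir < host) return ret_error;` ahead of the call would keep a malformed request line from producing a bogus length. The offset correction is also missing from the ChangeLog entries added in this changeset, which name only handler_error.c and util.c.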
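--- a/cherokee/branches/0.5/cherokee/util.c
+++ b/cherokee/branches/0.5/cherokee/util.c
@@ -686,4 +686,7 @@
         /* Copy the address
          */
+        if (hp == NULL)
+                return ret_not_found;
+
         memcpy (addr, hp->h_addr, hp->h_length);
 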
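Review bot: The `memcpy` on new line 691 copies `hp->h_length` bytes into `addr` with no visible check that the destination is that large; the added NULL test fixes the crash but leaves the copy length dictated by the resolver result. If `addr` is a fixed-size IPv4 address, comparing `hp->h_length` against its size (or checking `hp->h_addrtype`) before the copy would bound it. The early `return ret_not_found;` should also be checked against anything acquired earlier in the function, such as a lock or temporary buffer, since the body starts outside the hunk.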
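--- a/cherokee/branches/0.5/configure.in
+++ b/cherokee/branches/0.5/configure.in
@@ -25,5 +25,5 @@
 m4_define([cherokee_major_version], [0])
 m4_define([cherokee_minor_version], [5])
-m4_define([cherokee_micro_version], [0])
+m4_define([cherokee_micro_version], [1])
 m4_define([cherokee_patch_version], [])
 m4_define([cherokee_version], m4_format('%s.%s.%s%s', cherokee_major_version, cherokee_minor_version, cherokee_micro_version, cherokee_patch_version))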