1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
--- src/main/util.c (original)
+++ src/main/util.c Mon Dec 12 08:36:54 2005
@@ -1722,6 +1722,8 @@
j += 3;
else if (s[i] == '&')
j += 4;
+ else if (s[i] == '"')
+ j += 5;
if (j == 0)
return ap_pstrndup(p, s, i);
@@ -1739,6 +1741,10 @@
else if (s[i] == '&') {
memcpy(&x[j], "&", 5);
j += 4;
+ }
+ else if (s[i] == '"') {
+ memcpy(&x[j], """, 6);
+ j += 5;
}
else
x[j] = s[i];
--- src/modules/standard/mod_imap.c (original)
+++ src/modules/standard/mod_imap.c Mon Dec 12 08:36:54 2005
@@ -328,7 +328,7 @@
if (!strcasecmp(value, "referer")) {
referer = ap_table_get(r->headers_in, "Referer");
if (referer && *referer) {
- return ap_pstrdup(r->pool, referer);
+ return ap_escape_html(r->pool, referer);
}
else {
/* XXX: This used to do *value = '\0'; ... which is totally bogus
|
