1 http://bugs.gentoo.org/show_bug.cgi?id=118875
3 --- server/util.c (revision 330526)
4 +++ server/util.c (working copy)
9 + else if (s[i] == '"')
13 return apr_pstrmemdup(p, s, i);
14 @@ -1780,6 +1782,10 @@
15 memcpy(&x[j], "&", 5);
18 + else if (s[i] == '"') {
19 + memcpy(&x[j], """, 6);
25 --- modules/mappers/mod_imap.c (revision 330526)
26 +++ modules/mappers/mod_imap.c (working copy)
28 if (!strcasecmp(value, "referer")) {
29 referer = apr_table_get(r->headers_in, "Referer");
30 if (referer && *referer) {
31 - return apr_pstrdup(r->pool, referer);
32 + return ap_escape_html(r->pool, referer);
35 /* XXX: This used to do *value = '\0'; ... which is totally bogus