]>
Commit | Line | Data |
---|---|---|
255cef4a | 1 | http://bugs.gentoo.org/show_bug.cgi?id=118875 |
2 | ||
3 | --- server/util.c (revision 330526) | |
4 | +++ server/util.c (working copy) | |
5 | @@ -1762,6 +1762,8 @@ | |
6 | j += 3; | |
7 | else if (s[i] == '&') | |
8 | j += 4; | |
9 | + else if (s[i] == '"') | |
10 | + j += 5; | |
11 | ||
12 | if (j == 0) | |
13 | return apr_pstrmemdup(p, s, i); | |
14 | @@ -1780,6 +1782,10 @@ | |
15 | memcpy(&x[j], "&", 5); | |
16 | j += 4; | |
17 | } | |
18 | + else if (s[i] == '"') { | |
19 | + memcpy(&x[j], """, 6); | |
20 | + j += 5; | |
21 | + } | |
22 | else | |
23 | x[j] = s[i]; | |
24 | ||
25 | --- modules/mappers/mod_imap.c (revision 330526) | |
26 | +++ modules/mappers/mod_imap.c (working copy) | |
27 | @@ -342,7 +342,7 @@ | |
28 | if (!strcasecmp(value, "referer")) { | |
29 | referer = apr_table_get(r->headers_in, "Referer"); | |
30 | if (referer && *referer) { | |
31 | - return apr_pstrdup(r->pool, referer); | |
32 | + return ap_escape_html(r->pool, referer); | |
33 | } | |
34 | else { | |
35 | /* XXX: This used to do *value = '\0'; ... which is totally bogus |