mod_speling/PR 38923: don't embed Referer in link in error page.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808780 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 7 insertions, 4 deletions

diff --git a/CHANGES b/CHANGES
index fc03f9fbee..6c49864344 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_speling: Don't embed referer data in a link in error page.
+     PR 38923 [Nick Kew]
+
   *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is
      used in a condition that evaluates to true. PR 58231 [Luca Toscano]
 
diff --git a/modules/mappers/mod_speling.c b/modules/mappers/mod_speling.c
index d0ac5b2b98..b0f4b8fe0e 100644
--- a/modules/mappers/mod_speling.c
+++ b/modules/mappers/mod_speling.c
@@ -482,10 +482,10 @@ static int check_speling(request_rec *r)
             if (ref != NULL) {
                 *(const char **)apr_array_push(t) =
                                "Please consider informing the owner of the "
-                               "<a href=\"";
-                *(const char **)apr_array_push(t) = ap_escape_uri(sub_pool, ref);
-                *(const char **)apr_array_push(t) = "\">referring page</a> "
-                               "about the broken link.\n";
+                               "referring page <tt>";
+                *(const char **)apr_array_push(t) = ap_escape_html(sub_pool, ref);
+                *(const char **)apr_array_push(t) =
+                               "</tt> about the broken link.\n";
             }