diff options
| -rw-r--r-- | CHANGES | 3 | ||||
| -rw-r--r-- | modules/generators/mod_info.c | 11 |
2 files changed, 10 insertions, 4 deletions
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) mod_info: HTML escape configuration information so it displays + correctly. PR 24232. [Thom May] + *) mod_status: Report total CPU time accurately when using a threaded MPM. PR 23795. [Jeff Trawick] diff --git a/modules/generators/mod_info.c b/modules/generators/mod_info.c index 9dffaf5b08..888cb1383f 100644 --- a/modules/generators/mod_info.c +++ b/modules/generators/mod_info.c @@ -181,7 +181,7 @@ static void mod_info_module_cmds(request_rec * r, const command_rec * cmds, if (nest > block_start) { block_start++; apr_snprintf(htmlstring, sizeof(htmlstring), "%s %s", - tmptree->parent->directive, + tmptree->parent->directive, tmptree->parent->args); ap_rputs("<dd><tt>", r); mod_info_html_cmd_string(r, htmlstring, 0); @@ -190,15 +190,18 @@ static void mod_info_module_cmds(request_rec * r, const command_rec * cmds, if (nest == 2) { ap_rprintf(r, "<dd><tt> %s " "<i>%s</i></tt></dd>\n", - tmptree->directive, tmptree->args); + ap_escape_html(r->pool,tmptree->directive), + ap_escape_html(r->pool,tmptree->args)); } else if (nest == 1) { ap_rprintf(r, "<dd><tt> %s <i>%s</i></tt></dd>\n", - tmptree->directive, tmptree->args); + ap_escape_html(r->pool,tmptree->directive), + ap_escape_html(r->pool,tmptree->args)); } else { ap_rputs("<dd><tt>", r); mod_info_html_cmd_string(r, tmptree->directive, 0); - ap_rprintf(r, " <i>%s</i></tt></dd>\n", tmptree->args); + ap_rprintf(r, " <i>%s</i></tt></dd>\n", + ap_escape_html(r->pool,tmptree->args)); } } ++cmd; |