diff options
author | Erlang/OTP <[email protected]> | 2011-09-15 09:54:39 +0200 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2011-09-15 09:54:39 +0200 |
commit | 801ec3847e330b7d67b1e4ae700211380da0d6bd (patch) | |
tree | 8861e1e85f352d828cf31f0690feaae63c0088bd /lib/inets/src/http_client/httpc_handler.erl | |
parent | 50261525973798faf7f62ea02356447b16e5fc56 (diff) | |
parent | 98fd9df4c4a04554fd2f707ca9ea2d674fad984d (diff) | |
download | otp-801ec3847e330b7d67b1e4ae700211380da0d6bd.tar.gz otp-801ec3847e330b7d67b1e4ae700211380da0d6bd.tar.bz2 otp-801ec3847e330b7d67b1e4ae700211380da0d6bd.zip |
Merge branch 'bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535' into maint-r13
* bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535:
Updated http-server to make sure URLs in error-messages are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application.
Diffstat (limited to 'lib/inets/src/http_client/httpc_handler.erl')
-rw-r--r-- | lib/inets/src/http_client/httpc_handler.erl | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/lib/inets/src/http_client/httpc_handler.erl b/lib/inets/src/http_client/httpc_handler.erl index db5ff3036a..5e5a9ce32e 100644 --- a/lib/inets/src/http_client/httpc_handler.erl +++ b/lib/inets/src/http_client/httpc_handler.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2002-2010. All Rights Reserved. +%% Copyright Ericsson AB 2002-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -794,37 +794,43 @@ deliver_answers([Request|Requests]) -> %% Purpose: Convert process state when code is changed %%-------------------------------------------------------------------- code_change(_, #state{request = Request, pipeline = Queue} = State, - [{from, '5.0.1'}, {to, '5.0.2'}]) -> - Settings = new_http_options(Request#request.settings), + from_pre_5_3_5) -> + Settings = new_http_options(Request#request.settings), NewRequest = Request#request{settings = Settings}, - NewQueue = new_queue(Queue, fun new_http_options/1), + NewQueue = new_queue(Queue, fun new_http_options/1), {ok, State#state{request = NewRequest, pipeline = NewQueue}}; code_change(_, #state{request = Request, pipeline = Queue} = State, - [{from, '5.0.2'}, {to, '5.0.1'}]) -> - Settings = old_http_options(Request#request.settings), + to_pre_5_3_5) -> + Settings = old_http_options(Request#request.settings), NewRequest = Request#request{settings = Settings}, - NewQueue = new_queue(Queue, fun old_http_options/1), + NewQueue = new_queue(Queue, fun old_http_options/1), {ok, State#state{request = NewRequest, pipeline = NewQueue}}; code_change(_, State, _) -> {ok, State}. -new_http_options({http_options, TimeOut, AutoRedirect, SslOpts, - Auth, Relaxed}) -> - {http_options, "HTTP/1.1", TimeOut, AutoRedirect, SslOpts, - Auth, Relaxed}. - -old_http_options({http_options, _, TimeOut, AutoRedirect, - SslOpts, Auth, Relaxed}) -> - {http_options, TimeOut, AutoRedirect, SslOpts, Auth, Relaxed}. - -new_queue(Queue, Fun) -> +new_http_options({http_options, + Version, Timeout, AutoRedirect, SslOpts, + ProxyAuth, Relaxed, ConnTimeout}) -> + UrlEncoding = false, + {http_options, + Version, Timeout, AutoRedirect, SslOpts, + ProxyAuth, Relaxed, ConnTimeout, UrlEncoding}. + +old_http_options({http_options, + Version, TimeOut, AutoRedirect, SslOpts, + ProxyAuth, Relaxed, ConnTimeout, _UrlEncode}) -> + {http_options, + Version, TimeOut, AutoRedirect, SslOpts, + ProxyAuth, Relaxed, ConnTimeout}. + +new_queue(Queue, TransformSettings) -> List = queue:to_list(Queue), NewList = lists:map(fun(Request) -> Settings = - Fun(Request#request.settings), + TransformSettings(Request#request.settings), Request#request{settings = Settings} end, List), queue:from_list(NewList). |