The XSS prevention methods used was confused if the

URL was encoded (hex-encoded). OTP-9655
author: Micael Karlberg <[email protected]> 2011-10-25 12:34:56 +0200
committer: Micael Karlberg <[email protected]> 2011-10-25 12:34:56 +0200
commit: f9060599aeab81cb9282ddf51cc057bf1353208f (patch)
tree: 578dd77bf0511cf8b6575e4161da8a05efc57807 /lib/inets/src/http_server/httpd_file.erl
parent: 801ec3847e330b7d67b1e4ae700211380da0d6bd (diff)
download: otp-f9060599aeab81cb9282ddf51cc057bf1353208f.tar.gz
otp-f9060599aeab81cb9282ddf51cc057bf1353208f.tar.bz2
otp-f9060599aeab81cb9282ddf51cc057bf1353208f.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/inets/src/http_server/httpd_file.erl b/lib/inets/src/http_server/httpd_file.erl
index fbe713ecd1..4490a6356a 100644
--- a/lib/inets/src/http_server/httpd_file.erl
+++ b/lib/inets/src/http_server/httpd_file.erl
@@ -39,8 +39,8 @@ handle_error(_Reason, Op, _ModData, Path) ->
     handle_error(500, Op, none, Path, "").
 	    
 handle_error(StatusCode, Op, none, Path, Reason) ->
-    {StatusCode, none, ?NICE("Can't " ++ Op ++ Path ++ Reason)};
+    {StatusCode, none, ?NICE("Can't " ++ Op ++ " " ++ Path ++ Reason)};
 
 handle_error(StatusCode, Op, ModData, Path, Reason) ->
     {StatusCode, ModData#mod.request_uri,
-     ?NICE("Can't " ++ Op ++ Path ++ Reason)}.
+     ?NICE("Can't " ++ Op ++ " " ++ Path ++ Reason)}.
author	Micael Karlberg <[email protected]>	2011-10-25 12:34:56 +0200
committer	Micael Karlberg <[email protected]>	2011-10-25 12:34:56 +0200
commit	f9060599aeab81cb9282ddf51cc057bf1353208f (patch)
tree	578dd77bf0511cf8b6575e4161da8a05efc57807 /lib/inets/src/http_server/httpd_file.erl
parent	801ec3847e330b7d67b1e4ae700211380da0d6bd (diff)
download	otp-f9060599aeab81cb9282ddf51cc057bf1353208f.tar.gz otp-f9060599aeab81cb9282ddf51cc057bf1353208f.tar.bz2 otp-f9060599aeab81cb9282ddf51cc057bf1353208f.zip