Merge branch 'bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535' into maint-r13

* bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535:
  Updated http-server to make sure URLs in error-messages are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application.

1 files changed, 4 insertions, 2 deletions

diff --git a/lib/inets/src/http_server/mod_dir.erl b/lib/inets/src/http_server/mod_dir.erl
index cdc7cc01e4..35e9de24e2 100644
--- a/lib/inets/src/http_server/mod_dir.erl
+++ b/lib/inets/src/http_server/mod_dir.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -18,9 +18,11 @@
 %%
 %%
 -module(mod_dir).
+
 -export([do/1]).
 
 -include("httpd.hrl").
+-include("httpd_internal.hrl").
 
 %% do
 
@@ -57,7 +59,7 @@ do_dir(Info) ->
     case file:read_file_info(DefaultPath) of
 	{ok,FileInfo} when FileInfo#file_info.type == directory ->
 	    DecodedRequestURI =
-		httpd_util:decode_hex(Info#mod.request_uri),
+		http_uri:decode(Info#mod.request_uri),
 	    ?DEBUG("do_dir -> ~n"
 		   "      Path:              ~p~n"
 		   "      DefaultPath:       ~p~n"