Merge branch 'bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535' into maint-r13

* bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535:
  Updated http-server to make sure URLs in error-messages are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application.

1 files changed, 3 insertions, 3 deletions

diff --git a/lib/inets/src/http_server/mod_include.erl b/lib/inets/src/http_server/mod_include.erl
index 534eba8a36..790bf8f937 100644
--- a/lib/inets/src/http_server/mod_include.erl
+++ b/lib/inets/src/http_server/mod_include.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -186,9 +186,9 @@ document_uri(ConfigDB, RequestURI) ->
     FileName = string:substr(Path,Start,Length),
     case inets_regexp:match(VirtualPath, FileName++"\$") of
 	{match, _, _} ->
-	    httpd_util:decode_hex(VirtualPath)++AfterPath;
+	    http_uri:decode(VirtualPath)++AfterPath;
 	nomatch ->
-	    string:strip(httpd_util:decode_hex(VirtualPath),right,$/)++
+	    string:strip(http_uri:decode(VirtualPath),right,$/)++
 		"/"++FileName++AfterPath
     end.