Updated http-server to make sure URLs in error-messages

are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application. OTP-8940 [httpd] Prevent XSS in error pages. Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters. Michael Santos OTP-9124
author: Micael Karlberg <[email protected]> 2011-09-15 09:43:48 +0200
committer: Micael Karlberg <[email protected]> 2011-09-15 09:43:48 +0200
commit: 98fd9df4c4a04554fd2f707ca9ea2d674fad984d (patch)
tree: 8861e1e85f352d828cf31f0690feaae63c0088bd /lib/inets/src/http_server
parent: 50261525973798faf7f62ea02356447b16e5fc56 (diff)
download: otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.tar.gz
otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.tar.bz2
otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.zip
18 files changed, 96 insertions, 66 deletions
diff --git a/lib/inets/src/http_server/Makefile b/lib/inets/src/http_server/Makefile
index ce1405011e..3c36b384b8 100644
--- a/lib/inets/src/http_server/Makefile
+++ b/lib/inets/src/http_server/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2005-2010. All Rights Reserved.
+# Copyright Ericsson AB 2005-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -98,12 +98,16 @@ INETS_FLAGS = -D'SERVER_SOFTWARE="$(APPLICATION)/$(VSN)"'
 # ----------------------------------------------------
 # FLAGS
 # ----------------------------------------------------
-INETS_ERL_FLAGS += -I ../http_lib -I ../inets_app -pa ../../ebin
-
-ERL_COMPILE_FLAGS += $(INETS_ERL_FLAGS) \
-		     $(INETS_FLAGS) \
-                     +'{parse_transform,sys_pre_attributes}' \
-                     +'{attribute,insert,app_vsn,$(APP_VSN)}'
+INETS_ERL_FLAGS += \
+	-I ../http_lib \
+	-I ../inets_app \
+	-pa $(ERL_TOP)/lib/inets/ebin
+
+ERL_COMPILE_FLAGS += \
+	$(INETS_ERL_FLAGS) \
+	$(INETS_FLAGS) \
+	+'{parse_transform,sys_pre_attributes}' \
+	+'{attribute,insert,app_vsn,$(APP_VSN)}'
 
 
 # ----------------------------------------------------
diff --git a/lib/inets/src/http_server/httpd.erl b/lib/inets/src/http_server/httpd.erl
index 8fe54ccef6..a88d002b03 100644
--- a/lib/inets/src/http_server/httpd.erl
+++ b/lib/inets/src/http_server/httpd.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -349,8 +349,8 @@ foreach([KeyValue|Rest]) ->
   {ok, Plus2Space, _} = inets_regexp:gsub(KeyValue,"[\+]"," "),
   case inets_regexp:split(Plus2Space,"=") of
     {ok,[Key|Value]} ->
-      [{httpd_util:decode_hex(Key),
-	httpd_util:decode_hex(lists:flatten(Value))}|foreach(Rest)];
+	  [{http_uri:decode(Key), http_uri:decode(lists:flatten(Value))}|
+	   foreach(Rest)];
     {ok,_} ->
       foreach(Rest)
   end.
diff --git a/lib/inets/src/http_server/httpd_acceptor.erl b/lib/inets/src/http_server/httpd_acceptor.erl
index 568fd3c610..fef3fe58c6 100644
--- a/lib/inets/src/http_server/httpd_acceptor.erl
+++ b/lib/inets/src/http_server/httpd_acceptor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,7 @@
 
 -include("httpd.hrl").
 -include("httpd_internal.hrl").
+-include("inets_internal.hrl").
 
 %% Internal application API
 -export([start_link/5, start_link/6]).
diff --git a/lib/inets/src/http_server/httpd_conf.erl b/lib/inets/src/http_server/httpd_conf.erl
index 5ca2e47eb5..2faf13e9b3 100644
--- a/lib/inets/src/http_server/httpd_conf.erl
+++ b/lib/inets/src/http_server/httpd_conf.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -30,8 +30,9 @@
 	validate_properties/1]).
 
 -define(VMODULE,"CONF").
--include("httpd.hrl").
 -include("httpd_internal.hrl").
+-include("httpd.hrl").
+-include_lib("inets/src/http_lib/http_internal.hrl").
 
 
 %%%=========================================================================
diff --git a/lib/inets/src/http_server/httpd_file.erl b/lib/inets/src/http_server/httpd_file.erl
index 5fd529100e..fbe713ecd1 100644
--- a/lib/inets/src/http_server/httpd_file.erl
+++ b/lib/inets/src/http_server/httpd_file.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2006-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,6 +22,7 @@
 -export([handle_error/4]).
 
 -include("httpd.hrl").
+-include("httpd_internal.hrl").
 
 handle_error(eacces, Op, ModData, Path) ->
     handle_error(403, Op, ModData, Path,"");
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 8eee08e766..75f03c4fc2 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -256,9 +256,9 @@ validate_uri(RequestURI) ->
     UriNoQueryNoHex = 
 	case string:str(RequestURI, "?") of
 	    0 ->
-		(catch httpd_util:decode_hex(RequestURI));
+		(catch http_uri:decode(RequestURI));
 	    Ndx ->
-		(catch httpd_util:decode_hex(string:left(RequestURI, Ndx)))	
+		(catch http_uri:decode(string:left(RequestURI, Ndx)))
 	end,
     case UriNoQueryNoHex of
 	{'EXIT',_Reason} ->
diff --git a/lib/inets/src/http_server/httpd_sup.erl b/lib/inets/src/http_server/httpd_sup.erl
index 1507c6852a..90d74e3a14 100644
--- a/lib/inets/src/http_server/httpd_sup.erl
+++ b/lib/inets/src/http_server/httpd_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -37,6 +37,7 @@
 
 -define(TIMEOUT, 15000).
 -include("httpd_internal.hrl").
+-include("inets_internal.hrl").
 
 
 %%%=========================================================================
diff --git a/lib/inets/src/http_server/httpd_util.erl b/lib/inets/src/http_server/httpd_util.erl
index cfad79638f..7fe5d6d152 100644
--- a/lib/inets/src/http_server/httpd_util.erl
+++ b/lib/inets/src/http_server/httpd_util.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -export([ip_address/2, lookup/2, lookup/3, multi_lookup/2,
 	 lookup_mime/2, lookup_mime/3, lookup_mime_default/2,
 	 lookup_mime_default/3, reason_phrase/1, message/3, rfc1123_date/0,
-	 rfc1123_date/1, day/1, month/1, decode_hex/1,
+	 rfc1123_date/1, day/1, month/1, 
 	 flatlength/1, split_path/1, split_script_path/1, 
 	 suffix/1, split/3, uniq/1,
 	 make_name/2,make_name/3,make_name/4,strip/1,
@@ -32,7 +32,8 @@
 	 dir_validate/2, file_validate/2, mime_type_validate/1, 
 	 mime_types_validate/1, custom_date/0]).
 
--export([encode_hex/1]).
+-export([encode_hex/1, decode_hex/1]).
+
 -include_lib("kernel/include/file.hrl").
 
 ip_address({_,_,_,_} = Address, _IpFamily) ->
@@ -175,14 +176,15 @@ reason_phrase(_) -> "Internal Server Error".
 %% message
 
 message(301,URL,_) ->
-    "The document has moved <A HREF=\""++URL++"\">here</A>.";
+    "The document has moved <A HREF=\"" ++ maybe_encode(URL) ++"\">here</A>.";
 message(304, _URL,_) ->
     "The document has not been changed.";
-message(400,none,_) ->
+message(400, none, _) ->
     "Your browser sent a query that this server could not understand.";
-message(400,Msg,_) ->
-    "Your browser sent a query that this server could not understand. "++Msg;
-message(401,none,_) ->
+message(400, Msg, _) ->
+    "Your browser sent a query that this server could not understand. " ++ 
+	http_util:html_encode(Msg);
+message(401, none, _) ->
     "This server could not verify that you
 are authorized to access the document you
 	requested.  Either you supplied the wrong
@@ -190,40 +192,57 @@ credentials (e.g., bad password), or your
 browser doesn't understand how to supply
 the credentials required.";
 message(403,RequestURI,_) ->
-    "You don't have permission to access "++RequestURI++" on this server.";
+    "You don't have permission to access " ++ 
+	http_util:html_encode(RequestURI) ++ 
+	" on this server.";
 message(404,RequestURI,_) ->
-    "The requested URL "++RequestURI++" was not found on this server.";
+    "The requested URL " ++ 
+	http_util:html_encode(RequestURI) ++ 
+	" was not found on this server.";
 message(408, Timeout, _) ->
     Timeout;
 message(412,none,_) ->
     "The requested preconditions where false";
 message(413, Reason,_) ->
-    "Entity: " ++ Reason;
+    "Entity: " ++ http_util:html_encode(Reason);
 message(414,ReasonPhrase,_) ->
-    "Message "++ReasonPhrase++".";
+    "Message " ++ http_util:html_encode(ReasonPhrase) ++ ".";
 message(416,ReasonPhrase,_) ->
-    ReasonPhrase;
+    http_util:html_encode(ReasonPhrase);
 
 message(500,_,ConfigDB) ->
-    ServerAdmin=lookup(ConfigDB,server_admin,"unknown@unknown"),
+    ServerAdmin = lookup(ConfigDB, server_admin, "unknown@unknown"),
     "The server encountered an internal error or "
 	"misconfiguration and was unable to complete "
 	"your request.<P>Please contact the server administrator "
-	++ ServerAdmin ++ ", and inform them of the time the error occurred "
+	++ http_util:html_encode(ServerAdmin) ++ 
+	", and inform them of the time the error occurred "
 	"and anything you might have done that may have caused the error.";
 
 message(501,{Method, RequestURI, HTTPVersion}, _ConfigDB) ->
     if
 	is_atom(Method) ->
 	    atom_to_list(Method)++
-		" to "++RequestURI++" ("++HTTPVersion++") not supported.";
+		" to " ++ 
+		http_util:html_encode(RequestURI) ++ 
+		" (" ++ HTTPVersion ++ ") not supported.";
 	is_list(Method) ->
 	    Method++
-		" to "++RequestURI++" ("++HTTPVersion++") not supported."
+		" to " ++ 
+		http_util:html_encode(RequestURI) ++ 
+		" (" ++ HTTPVersion ++ ") not supported."
     end;
 
 message(503, String, _ConfigDB) ->
-    "This service in unavailable due to: "++String.
+    "This service in unavailable due to: " ++ http_util:html_encode(String).
+
+maybe_encode(URI) ->
+    case lists:member($%, URI) of
+		      true ->
+			     URI;
+		      false ->
+			     http_uri:encode(URI)
+		     end.
 
 %%convert_rfc_date(Date)->{{YYYY,MM,DD},{HH,MIN,SEC}}
 
@@ -381,16 +400,11 @@ month(12) -> "Dec".
 
 %% decode_hex
 
-decode_hex([$%,Hex1,Hex2|Rest]) ->
-    [hex2dec(Hex1)*16+hex2dec(Hex2)|decode_hex(Rest)];
-decode_hex([First|Rest]) ->
-    [First|decode_hex(Rest)];
-decode_hex([]) ->
-    [].
+decode_hex(URI) ->
+    http_uri:decode(URI).
 
-hex2dec(X) when (X>=$0) andalso (X=<$9) -> X-$0;
-hex2dec(X) when (X>=$A) andalso (X=<$F) -> X-$A+10;
-hex2dec(X) when (X>=$a) andalso (X=<$f) -> X-$a+10.
+encode_hex(URI) ->
+    http_uri:encode(URI).
 
 %% flatlength
 flatlength(List) ->
@@ -411,7 +425,7 @@ split_path(Path) ->
     case inets_regexp:match(Path,"[\?].*\$") of
 	%% A QUERY_STRING exists!
 	{match,Start,Length} ->
-	    {httpd_util:decode_hex(string:substr(Path,1,Start-1)),
+	    {http_uri:decode(string:substr(Path,1,Start-1)),
 	     string:substr(Path,Start,Length)};
 	%% A possible PATH_INFO exists!
 	nomatch ->
@@ -419,9 +433,9 @@ split_path(Path) ->
     end.
 
 split_path([],SoFar) ->
-    {httpd_util:decode_hex(lists:reverse(SoFar)),[]};
+    {http_uri:decode(lists:reverse(SoFar)),[]};
 split_path([$/|Rest],SoFar) ->
-    Path=httpd_util:decode_hex(lists:reverse(SoFar)),
+    Path = http_uri:decode(lists:reverse(SoFar)),
     case file:read_file_info(Path) of
 	{ok,FileInfo} when FileInfo#file_info.type =:= regular ->
 	    {Path,[$/|Rest]};
@@ -454,7 +468,7 @@ pathinfo_querystring([C|Rest], SoFar) ->
     pathinfo_querystring(Rest, [C|SoFar]).
 
 split_script_path([$?|QueryString], SoFar) ->
-    Path = httpd_util:decode_hex(lists:reverse(SoFar)),
+    Path = http_uri:decode(lists:reverse(SoFar)),
     case file:read_file_info(Path) of
 	{ok,FileInfo} when FileInfo#file_info.type =:= regular ->
 	    {Path, [$?|QueryString]};
@@ -464,7 +478,7 @@ split_script_path([$?|QueryString], SoFar) ->
 	    not_a_script
     end;
 split_script_path([], SoFar) ->
-    Path = httpd_util:decode_hex(lists:reverse(SoFar)),
+    Path = http_uri:decode(lists:reverse(SoFar)),
     case file:read_file_info(Path) of
 	{ok,FileInfo} when FileInfo#file_info.type =:= regular ->
 	    {Path, []};
@@ -474,7 +488,7 @@ split_script_path([], SoFar) ->
 	    not_a_script
     end;
 split_script_path([$/|Rest], SoFar) ->
-    Path = httpd_util:decode_hex(lists:reverse(SoFar)),
+    Path = http_uri:decode(lists:reverse(SoFar)),
     case file:read_file_info(Path) of
 	{ok, FileInfo} when FileInfo#file_info.type =:= regular ->
 	    {Path, [$/|Rest]};
@@ -608,8 +622,6 @@ hexlist_to_integer(List)->
 %%----------------------------------------------------------------------
 %%Converts an integer to an hexlist
 %%----------------------------------------------------------------------
-encode_hex(Num)->
-    integer_to_hexlist(Num).
 
 integer_to_hexlist(Num) when is_integer(Num) ->
     http_util:integer_to_hexlist(Num).
diff --git a/lib/inets/src/http_server/mod_alias.erl b/lib/inets/src/http_server/mod_alias.erl
index ec0a12242f..41fcdb5e3a 100644
--- a/lib/inets/src/http_server/mod_alias.erl
+++ b/lib/inets/src/http_server/mod_alias.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -29,6 +29,7 @@
 
 -include("httpd.hrl").
 -include("httpd_internal.hrl").
+-include("inets_internal.hrl").
 
 -define(VMODULE,"ALIAS").
 
diff --git a/lib/inets/src/http_server/mod_auth.erl b/lib/inets/src/http_server/mod_auth.erl
index 07cafb4726..b1d8b03fe4 100644
--- a/lib/inets/src/http_server/mod_auth.erl
+++ b/lib/inets/src/http_server/mod_auth.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -38,6 +38,7 @@
 -include("httpd.hrl").
 -include("mod_auth.hrl").
 -include("httpd_internal.hrl").
+-include("inets_internal.hrl").
 
 -define(VMODULE,"AUTH").
 
diff --git a/lib/inets/src/http_server/mod_auth_dets.erl b/lib/inets/src/http_server/mod_auth_dets.erl
index bc6c2b70a0..2abf5c517a 100644
--- a/lib/inets/src/http_server/mod_auth_dets.erl
+++ b/lib/inets/src/http_server/mod_auth_dets.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -35,6 +35,7 @@
 -export([store_directory_data/3]).
 
 -include("httpd.hrl").
+-include("inets_internal.hrl").
 -include("mod_auth.hrl").
 
 store_directory_data(_Directory, DirData, Server_root) ->
diff --git a/lib/inets/src/http_server/mod_auth_plain.erl b/lib/inets/src/http_server/mod_auth_plain.erl
index d88859d28a..12342ba8da 100644
--- a/lib/inets/src/http_server/mod_auth_plain.erl
+++ b/lib/inets/src/http_server/mod_auth_plain.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,6 +22,7 @@
 -include("httpd.hrl").
 -include("mod_auth.hrl").
 -include("httpd_internal.hrl").
+-include("inets_internal.hrl").
 
 -define(VMODULE,"AUTH_PLAIN").
 
diff --git a/lib/inets/src/http_server/mod_auth_server.erl b/lib/inets/src/http_server/mod_auth_server.erl
index 5f9e59be9d..fc50356838 100644
--- a/lib/inets/src/http_server/mod_auth_server.erl
+++ b/lib/inets/src/http_server/mod_auth_server.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,6 +22,7 @@
 
 -include("httpd.hrl").
 -include("httpd_internal.hrl").
+-include("inets_internal.hrl").
 
 -behaviour(gen_server).
 
diff --git a/lib/inets/src/http_server/mod_dir.erl b/lib/inets/src/http_server/mod_dir.erl
index cdc7cc01e4..35e9de24e2 100644
--- a/lib/inets/src/http_server/mod_dir.erl
+++ b/lib/inets/src/http_server/mod_dir.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -18,9 +18,11 @@
 %%
 %%
 -module(mod_dir).
+
 -export([do/1]).
 
 -include("httpd.hrl").
+-include("httpd_internal.hrl").
 
 %% do
 
@@ -57,7 +59,7 @@ do_dir(Info) ->
     case file:read_file_info(DefaultPath) of
 	{ok,FileInfo} when FileInfo#file_info.type == directory ->
 	    DecodedRequestURI =
-		httpd_util:decode_hex(Info#mod.request_uri),
+		http_uri:decode(Info#mod.request_uri),
 	    ?DEBUG("do_dir -> ~n"
 		   "      Path:              ~p~n"
 		   "      DefaultPath:       ~p~n"
diff --git a/lib/inets/src/http_server/mod_esi.erl b/lib/inets/src/http_server/mod_esi.erl
index cb33544540..bbdb67bb0e 100644
--- a/lib/inets/src/http_server/mod_esi.erl
+++ b/lib/inets/src/http_server/mod_esi.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -29,6 +29,7 @@
 -export([do/1, load/2, store/2]).
 
 -include("httpd.hrl").
+-include("inets_internal.hrl").
 
 -define(VMODULE,"ESI").
 -define(DEFAULT_ERL_TIMEOUT,15000).
diff --git a/lib/inets/src/http_server/mod_include.erl b/lib/inets/src/http_server/mod_include.erl
index 534eba8a36..790bf8f937 100644
--- a/lib/inets/src/http_server/mod_include.erl
+++ b/lib/inets/src/http_server/mod_include.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -186,9 +186,9 @@ document_uri(ConfigDB, RequestURI) ->
     FileName = string:substr(Path,Start,Length),
     case inets_regexp:match(VirtualPath, FileName++"\$") of
 	{match, _, _} ->
-	    httpd_util:decode_hex(VirtualPath)++AfterPath;
+	    http_uri:decode(VirtualPath)++AfterPath;
 	nomatch ->
-	    string:strip(httpd_util:decode_hex(VirtualPath),right,$/)++
+	    string:strip(http_uri:decode(VirtualPath),right,$/)++
 		"/"++FileName++AfterPath
     end.
 
diff --git a/lib/inets/src/http_server/mod_security.erl b/lib/inets/src/http_server/mod_security.erl
index 95793e1cfb..5cdbeb9792 100644
--- a/lib/inets/src/http_server/mod_security.erl
+++ b/lib/inets/src/http_server/mod_security.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -32,6 +32,7 @@
 
 -include("httpd.hrl").
 -include("httpd_internal.hrl").
+-include("inets_internal.hrl").
 
 -define(VMODULE,"SEC").
 
diff --git a/lib/inets/src/http_server/mod_security_server.erl b/lib/inets/src/http_server/mod_security_server.erl
index 58060686b3..ca8bee0c8e 100644
--- a/lib/inets/src/http_server/mod_security_server.erl
+++ b/lib/inets/src/http_server/mod_security_server.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -45,6 +45,7 @@
 
 -include("httpd.hrl").
 -include("httpd_internal.hrl").
+-include("inets_internal.hrl").
 
 -behaviour(gen_server).
author	Micael Karlberg <[email protected]>	2011-09-15 09:43:48 +0200
committer	Micael Karlberg <[email protected]>	2011-09-15 09:43:48 +0200
commit	98fd9df4c4a04554fd2f707ca9ea2d674fad984d (patch)
tree	8861e1e85f352d828cf31f0690feaae63c0088bd /lib/inets/src/http_server
parent	50261525973798faf7f62ea02356447b16e5fc56 (diff)
download	otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.tar.gz otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.tar.bz2 otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.zip