[httpd] XSS prevention did not work for hex-encoded URL's.

OTP-9655 Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/inets536_integration
author: Micael Karlberg <[email protected]> 2011-11-01 18:14:58 +0100
committer: Micael Karlberg <[email protected]> 2011-11-01 18:14:58 +0100
commit: 2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea (patch)
tree: e47f27ddf5c4a2846bbe578e18d9f41b9de10c15 /lib/inets/test/httpd_SUITE.erl
parent: f8b20b4a995727f0339074d23a0fae50712683d2 (diff)
parent: b6719f7943cbaeb10d5121f360f9540db494b639 (diff)
download: otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.tar.gz
otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.tar.bz2
otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.zip
1 files changed, 11 insertions, 11 deletions
diff --git a/lib/inets/test/httpd_SUITE.erl b/lib/inets/test/httpd_SUITE.erl
index 7403d4a643..4a510f013e 100644
--- a/lib/inets/test/httpd_SUITE.erl
+++ b/lib/inets/test/httpd_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -126,7 +126,7 @@ all(suite) ->
      http_1_1_ip, 
      http_1_0_ip, 
      http_0_9_ip, 
-     %% ipv6, 
+     ipv6, 
      tickets
     ].
  
@@ -1611,24 +1611,24 @@ ticket_5913(doc) ->
     ["Tests that a header without last-modified is handled"];
 ticket_5913(suite) -> [];
 ticket_5913(Config) ->
-    ok=httpd_test_lib:verify_request(ip_comm, ?config(host, Config),
-				     ?IP_PORT, ?config(node, Config),
+    ok = httpd_test_lib:verify_request(ip_comm, ?config(host, Config),
+				       ?IP_PORT, ?config(node, Config),
 				       "GET /cgi-bin/erl/httpd_example:get_bin "
 				       "HTTP/1.0\r\n\r\n", 
 				       [{statuscode, 200},
-				       {version, "HTTP/1.0"}]),
+					{version, "HTTP/1.0"}]),
     ok.
 
 ticket_6003(doc) ->
     ["Tests that a URI with a bad hexadecimal code is handled"];
 ticket_6003(suite) -> [];
 ticket_6003(Config) ->
-    ok=httpd_test_lib:verify_request(ip_comm, ?config(host, Config),
-				     ?IP_PORT, ?config(node, Config),
-				     "GET http://www.erlang.org/%skalle "
-				     "HTTP/1.0\r\n\r\n",
-				     [{statuscode, 400},
-				      {version, "HTTP/1.0"}]),
+    ok = httpd_test_lib:verify_request(ip_comm, ?config(host, Config),
+				       ?IP_PORT, ?config(node, Config),
+				       "GET http://www.erlang.org/%skalle "
+				       "HTTP/1.0\r\n\r\n",
+				       [{statuscode, 400},
+					{version, "HTTP/1.0"}]),
     ok.
 
 ticket_7304(doc) ->
author	Micael Karlberg <[email protected]>	2011-11-01 18:14:58 +0100
committer	Micael Karlberg <[email protected]>	2011-11-01 18:14:58 +0100
commit	2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea (patch)
tree	e47f27ddf5c4a2846bbe578e18d9f41b9de10c15 /lib/inets/test/httpd_SUITE.erl
parent	f8b20b4a995727f0339074d23a0fae50712683d2 (diff)
parent	b6719f7943cbaeb10d5121f360f9540db494b639 (diff)
download	otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.tar.gz otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.tar.bz2 otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.zip