path: root/lib/inets/src/http_lib
Age | Commit message | Author
2011-05-12 | Calling gen_tcp:connect with option {ip, {127,0,0,1}} results in an exit with reason badarg. | Micael Karlberg
Neither SSL nor INETS catches this, resulting in crashes with incomprehensible reasons. OTP-9289
2011-04-19 | Default ssl kind changed to essl (from ossl). | Micael Karlberg
2011-04-06 | Accepting file descriptors (fd) in the config for socket type ip_comm. | Micael Karlberg
2011-03-10 | Merge branch 'ms/inets-prevent_xss_in_error_pages' into bmk/inets/httpd/prevent_xss_in_error_pages/OTP-9124 | Micael Karlberg
2011-03-03 | Handling encoding of empty chunks. | Micael Karlberg
2011-02-22 | inets: prevent XSS in error pages | Michael Santos
Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters. The reserved character set should be safe for displaying data within the body of HTML pages as outlined here:

    http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

Previously, weird URLs were URI encoded in the error page. This worked quite well but the URL would be displayed in the HTML in percent encoded format. There was also a check for URIs that were already escaped (by the browser) that would fail if the browser sent a URI containing a "%", e.g.:

    w3m "http://localhost:8080/<b>foo</b>?%"

Also encode the HTTP method and version, since it's possible they may be manipulated:

    <b>FOO</b> /index.html HTTP/1.0
    GET /index.html <b>foo</b>/1.0

Encode the static messages to prevent characters from being interpreted as HTML such as "heavy load (>~w processes)".
2010-12-01 | Merge branch 'ia/ssl/test-improvments' into dev | Ingela Anderton Andin
2010-11-30 | Replaced error report with debug printout. | Micael Karlberg
Also added some verbosity (dbg) printouts in the transport module (for ip_comm listen).
2010-11-29 | URL-encoding - add support in client and more usage in server. Also added missing include directory. | Ingela Anderton Andin
2010-06-07 | OTP-7907: Allow the use of the "new" ssl (essl). | Micael Karlberg
OTP-8564: Update deprecation status.
OTP-8573: Inets mod_alias URL rewrite.
2010-05-27 | OTP-8609: Problems processing netscape cookies - expire | Micael Karlberg
OTP-8610: Problem processing netscape cookies - date
OTP-8624: Documented debug options not handled
2010-05-27 | OTP-8609: Made cookie handling more case insensitive. | Micael Karlberg
OTP-8610: Some netscape cookie dates are given with a 2-digit year.
2010-01-19 | OTP-8016 [httpc] Several more or less critical fixes: | Micael Karlberg
* Initial call between the httpc manager and request handler was synchronous. When the manager starts a new request handler, this is no longer a synchronous operation. Previously, the new request handler made the connection to the server and issuing of the first request (the reason for starting it) in the gen_server init function. If the connection for some reason "took some time", the manager hung, leaving all other activities by that manager also hanging.

As a side-effect of these changes, some modules were also renamed, and a new api module, httpc, has been introduced (the old module, http, is *not* removed, but is now just a wrapper for httpc).
2010-01-13 | OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349, OTP-8351, OTP-8359 & OTP-8371. | Micael Karlberg
2009-11-20 | The R13B03 release. (OTP_R13B03) | Erlang/OTP