| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Many HTTP headers are optional, and it could be desirable for the
server to filter and maybe even alter them without replacing the
mod_* modules that generate/process them. Add new behaviour
httpd_custom_api with default implementation in httpd_custom.erl.
Add behaviour module in 18 as then we can specify optional callbacks.
|
|
|
|
Gracefully handle invalid content-lenght headers instead of
crashing in list_to_integer.
|
|
|
|
|
|
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/httpd/xss_when_erl_encoded/r14/OTP-9655
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_lib/http_uri.erl
lib/inets/src/http_lib/http_util.erl
lib/inets/src/http_server/httpd_file.erl
lib/inets/src/http_server/httpd_request.erl
lib/inets/src/http_server/httpd_request_handler.erl
lib/inets/src/http_server/httpd_util.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpc_SUITE.erl
lib/inets/test/httpd_SUITE.erl
lib/inets/test/httpd_basic_SUITE.erl
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
|
|
do the actual html encode.
OTP-9655
|
|
|
|
|
|
are URL-encoded. Added support in http-client to use
URL-encoding. Also added the missing include directory
for the inets application.
OTP-8940
[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos
OTP-9124
|
|
Although the validation in httpd_request works well on platforms using
forward slash as directory separator, on Windows systems, this
protection can be circumvented using URLs containing backslashes.
This way, any file accessible to the user running the server (even
those outside the document root) can be read through HTTP. This commit
solves the problem by expanding the list of path separators to '/\\'.
|
|
added missing include directory.
|
|
OTP-8564: Update deeprication status.
OTP-8573: Inets mod_alias URL rewrite.
|
|
OTP-8351, OTP-8359 & OTP-8371.
|
|
|
