Age | Commit message (Collapse) | Author |
|
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_lib/http_uri.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/vsn.mk
|
|
|
|
|
|
|
|
server crash (non-fatal) with no reply to client. Will now
result in a reply with status code 400.
OTP-9674
Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/r14/OTP-9674' into bmk/inets/inets572_integration
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
|
|
Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/r13/OTP-9674' into bmk/inets/httpd/xss_with_bad_header_date/r14/OTP-9674
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_server/mod_responsecontrol.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpd_1_1.erl
lib/inets/test/httpd_SUITE.erl
lib/inets/test/httpd_mod.erl
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
|
|
|
|
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/httpd/xss_when_erl_encoded/r14/OTP-9655
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_lib/http_uri.erl
lib/inets/src/http_lib/http_util.erl
lib/inets/src/http_server/httpd_file.erl
lib/inets/src/http_server/httpd_request.erl
lib/inets/src/http_server/httpd_request_handler.erl
lib/inets/src/http_server/httpd_util.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpc_SUITE.erl
lib/inets/test/httpd_SUITE.erl
lib/inets/test/httpd_basic_SUITE.erl
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
|
|
server crash (non-fatal) with no reply to client. Will
now result in a reply with status code 400.
OTP-9674
|
|
OTP-9655
|
|
These dependency files was once used when building the documentation,
but are no longer needed.
|
|
Some applications still have support for an ancient documentation
build system. Eliminate the DOCSUPPORT define in otp.mk.in and the
not taken arm of the ifdefs in the Makefiles.
|
|
OTP-9655
|
|
do the actual html encode.
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
URL was encoded (hex-encoded).
OTP-9655
|
|
|
|
OTP-9628.
|
|
When a URI with a IPv6 host is parsed, the brackets that encapsulates
the nnn is removed. This value is then supplied as the host header.
This can cause problems with some servers.
A workaround for this is to use headers_as_is and provide the host
header with the requst call
To solve this a new option has been added, ipv6_host_with_brackets.
This option specifies if the host value of the host header shall include
the branckets or not. By default, it does not (as before).
OTP-9628
|
|
{error, Reason} | {ok, ParsedURL}
|
|
|
|
|
|
|
|
comments
|
|
* dev:
Update copyright years
|
|
|
|
|
|
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpc_cookie_SUITE.erl
lib/inets/vsn.mk
|
|
|
|
That is, if the parsing fails, the date should be ignored.
Also added support for (yet another) date format:
"Tue Jan 01 08:00:01 2036 GMT".
OTP-9433
[httpc] Rewrote cookie parsing. Among other things solving
cookie processing from www.expedia.com.
OTP-9434
[httpd] Fix httpd directory traversal on Windows.
Directory traversal was possible on Windows where
backward slash is used as directory separator.
Andr�s Veres-Szentkir�lyi.
OTP-9561
Merge branch 'bmk/inets/inets571_integration' into dev
|
|
Conflicts:
erts/aclocal.m4
erts/include/internal/ethread_header_config.h.in
|
|
bmk/inets/inets571_integration
Conflicts:
lib/inets/doc/src/notes.xml
|
|
|
|
|
|
bmk/inets/httpd/windows_dir_traversal/OTP-OTP-9561
|
|
as suggested in branch at/error_logger_calls.
|
|
That is how long the ftp client will wait for the server to connect
to the data socket. If this timeout occurs, an error will be returned
to the caller and the ftp client process will be terminated.
OTP-9545
|
|
|
|
|
|
are URL-encoded. Added support in http-client to use
URL-encoding. Also added the missing include directory
for the inets application.
OTP-8940
[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos
OTP-9124
|
|
|
|
|
|
|
|
|
|
[httpc] Deprecated interface module <c>http</c> has been removed.
It has (long) been replaced by http client interface module httpc.
OTP-9359
[httpc|httpd] The old ssl implementation (based on OpenSSL),
has been deprecated. The config option that specified usage of
this version of the ssl app, *ossl*, has been removed.
OTP-9522
|
|
cookie processing from www.expedia.com.
OTP-9434
|
|
That is, if the parsing fails, the date should be ignored.
Also added support for (yet another) date format: "Tue Jan 01 08:00:01 2036 GMT"
OTP-9433
|