aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets
AgeCommit message (Collapse)Author
2011-11-01[httpd] GET request with malformed header date causedMicael Karlberg
server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400. OTP-9674 Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/OTP-9674' into bmk/inets/inets536_integration Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/inets_app/inets.appup.src lib/inets/test/httpd_test_lib.erl lib/inets/vsn.mk
2011-11-01[httpd] GET request with malformed header date causedMicael Karlberg
server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400. OTP-9674
2011-11-01Added versions 5.2, 5.1.3 and 5.1.2 again.Micael Karlberg
OTP-9655
2011-10-26Uncommented ipv6 test cases.Micael Karlberg
OTP-9655
2011-10-26Fixed HTML encode. First *try* to hex decode uri, and thenMicael Karlberg
do the actual html encode. OTP-9655
2011-10-26Skip catching hex decode failure.Micael Karlberg
OTP-9655
2011-10-26Fixed hex-decoding.Micael Karlberg
OTP-9655
2011-10-25Problems with proxy test cases.Micael Karlberg
OTP-9655
2011-10-25Added release notes, appup and correct version.Micael Karlberg
OTP-9655
2011-10-25The XSS prevention methods used was confused if theMicael Karlberg
URL was encoded (hex-encoded). OTP-9655
2011-09-15Updated http-server to make sure URLs in error-messagesMicael Karlberg
are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application. OTP-8940 [httpd] Prevent XSS in error pages. Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters. Michael Santos OTP-9124
2010-09-01Remove copyright headers in vsn.mk filesBjörn Gustavsson
Copyright notices serve no useful purpose in vsn.mk files, and only complicate scripts that automatically update version numbers.
2010-08-23inets: Patch 1129Micael Karlberg
OTP-8739 [httpc] If a request times out (not connect timeout), the handler process exited (normal) but neglected to inform the manager process. For this reason, the manager did not clean up the request table, resulting in a memory leak. Also the manager did not create a monitor for the handler, so in an unforseen handler crash, this could also create a memory leak. OTP-8741 The service tftp was spelled wrong in documentation and in some parts of the code. It should be tftp. OTP-8742 [httpc] Replaced the old http client api module (http) with the new, httpc in the users guide.
2010-08-20inets: Patch 1122Micael Karlberg
OTP-8609 [httpc] Made cookie handling more case insensitive. OTP-8610 [httpc|httpd] Some netscape cookie dates are given with a 2-digit year (e.g. 06 = 2006). OTP-8624 [httpd] Added support (again) for the documented debugging features. See the User's Guide Configuration chapter for more info.
2010-08-20inets: Patch 1115Micael Karlberg
OTP-8542 [httpc] Memory leak plugged. The profile manager never cleaned up in its handler database. This meant that with each new request handler, another entry was created that was never deleted. Eventually the request id counter (used as a key) would wrap, but the machine would most likely run out of memory before that happened. OTP-8607 [httpc] https requests with default port not handled properly. Jebu Ittiachen.
2010-08-20inets: Patch 1111Micael Karlberg
OTP-8508 [httpc] Badly formated error reason for errors occuring during initial connec to a servert. Also, the possible error reasons was not properly documented. OTP-8509 [httpd] Issues with ESI erl_script_timeout. </p> *) The "erl_script_timeout" config option is ducumented as a number of seconds. But when parsing the config, in the new format (not a config file), it was handled as if in number of milliseconds. *) When the erl-script-timeout time was exceeded, the server incorrectly marked the answer as sent, thereby leaving client hanging (with an incomplete answer). This has been changed, so that now the socket will be closed.
2010-02-13OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327,Micael Karlberg
OTP-8349, OTP-8351, OTP-8352, OTP-8359 & OTP-8371.
2010-02-13OTP-8431: Fix error handling of httpc_manager and its starter processMicael Karlberg
OTP-8431: [email protected]
2010-01-19OTP-8016 [httpc] Several more or less critical fixes: * Initial callMicael Karlberg
between the httpc manager and request handler was synchronous. When the manager starts a new request handler, this is no longer a synchronous operation. Previously, the new request handler made the connection to the server and issuing of the first request (the reason for starting it) in the gen_server init function. If the connection for some reason "took some time", the manager hanged, leaving all other activities by that manager also hanging. As a side-effect of these changes, some modules was also renamed, and a new api module, httpc, has been introduced (the old module, http, is *not* removed, but is now just wrapper for httpc).
2010-01-19OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327,Micael Karlberg
OTP-8349, OTP-8351, OTP-8352, OTP-8359 & OTP-8371.
2010-01-15OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349,Micael Karlberg
OTP-8351, OTP-8359 & OTP-8371.
2010-01-14OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349,Micael Karlberg
OTP-8351, OTP-8359 & OTP-8371.
2010-01-13OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349,Micael Karlberg
OTP-8351, OTP-8359 & OTP-8371.
2010-01-13OTP-8016 TBDMicael Karlberg
2010-01-13OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349,Micael Karlberg
OTP-8351, OTP-8359 & OTP-8371.
2009-11-25Fixing various dialyzer and copyright problems.Micael Karlberg
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP