From 98fd9df4c4a04554fd2f707ca9ea2d674fad984d Mon Sep 17 00:00:00 2001
From: Micael Karlberg <bmk@erlang.org>
Date: Thu, 15 Sep 2011 09:43:48 +0200
Subject: Updated http-server to make sure URLs in error-messages are
 URL-encoded. Added support in http-client to use URL-encoding. Also added the
 missing include directory for the inets application.

OTP-8940

[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos

OTP-9124
---
 lib/inets/src/http_lib/http_transport.erl | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

(limited to 'lib/inets/src/http_lib/http_transport.erl')

diff --git a/lib/inets/src/http_lib/http_transport.erl b/lib/inets/src/http_lib/http_transport.erl
index 7c2ac626e6..587d215051 100644
--- a/lib/inets/src/http_lib/http_transport.erl
+++ b/lib/inets/src/http_lib/http_transport.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -150,17 +150,22 @@ listen_ip_comm(Addr, Port) ->
     case IpFamily of
 	inet6fb4 -> 
 	    Opts2 = [inet6 | Opts], 
+	    ?hlrt("try ipv6 listen", [{port, NewPort}, {opts, Opts2}]),
 	    case (catch gen_tcp:listen(NewPort, Opts2)) of
 		{error, Reason} when ((Reason =:= nxdomain) orelse 
 				      (Reason =:= eafnosupport)) ->
 		    Opts3 = [inet | Opts], 
+		    ?hlrt("ipv6 listen failed - try ipv4 instead", 
+                          [{reason, Reason}, {port, NewPort}, {opts, Opts3}]),
 		    gen_tcp:listen(NewPort, Opts3);
 
 		%% This is when a given hostname has resolved to a 
 		%% IPv4-address. The inet6-option together with a 
 		%% {ip, IPv4} option results in badarg
-		{'EXIT', _} -> 
+		{'EXIT', Reason} -> 
 		    Opts3 = [inet | Opts], 
+		    ?hlrt("ipv6 listen exit - try ipv4 instead", 
+                          [{reason, Reason}, {port, NewPort}, {opts, Opts3}]),
 		    gen_tcp:listen(NewPort, Opts3); 
 
 		Other ->
@@ -168,6 +173,7 @@ listen_ip_comm(Addr, Port) ->
 	    end;
 	_ ->
 	    Opts2 = [IpFamily | Opts],
+	    ?hlrt("listen", [{port, NewPort}, {opts, Opts2}]),
 	    gen_tcp:listen(NewPort, Opts2)
     end.
 
@@ -364,7 +370,21 @@ peername(ip_comm, Socket) ->
 		http_util:integer_to_hexlist(G) ++":"++  
 		http_util:integer_to_hexlist(H),
 	    {Port, PeerName};
-	{error, _} ->
+	{error, Reason} ->
+	    Report = io_lib:format("~p Failed getting PeerName for socket ~p: "
+				   "~n   Reason:      ~p"
+				   "~n   Socket stat: ~p"
+				   "~n   IfList:      ~p"
+				   "~n   Fd:          ~p"
+				   "~n", 
+                                   [self(), 
+				    Socket, 
+				    Reason,
+				    (catch inet:getstat(Socket)),
+				    (catch inet:getiflist(Socket)),
+				    (catch inet:getfd(Socket))
+				   ]),
+	    (catch error_logger:error_report(Report)), 
 	    {-1, "unknown"}
     end;
 
-- 
cgit v1.2.3