From f9060599aeab81cb9282ddf51cc057bf1353208f Mon Sep 17 00:00:00 2001
From: Micael Karlberg <bmk@erlang.org>
Date: Tue, 25 Oct 2011 12:34:56 +0200
Subject: The XSS prevention methods used was confused if the URL was encoded
 (hex-encoded). OTP-9655

---
 lib/inets/src/http_server/httpd_file.erl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/inets/src/http_server/httpd_file.erl')

diff --git a/lib/inets/src/http_server/httpd_file.erl b/lib/inets/src/http_server/httpd_file.erl
index fbe713ecd1..4490a6356a 100644
--- a/lib/inets/src/http_server/httpd_file.erl
+++ b/lib/inets/src/http_server/httpd_file.erl
@@ -39,8 +39,8 @@ handle_error(_Reason, Op, _ModData, Path) ->
     handle_error(500, Op, none, Path, "").
 	    
 handle_error(StatusCode, Op, none, Path, Reason) ->
-    {StatusCode, none, ?NICE("Can't " ++ Op ++ Path ++ Reason)};
+    {StatusCode, none, ?NICE("Can't " ++ Op ++ " " ++ Path ++ Reason)};
 
 handle_error(StatusCode, Op, ModData, Path, Reason) ->
     {StatusCode, ModData#mod.request_uri,
-     ?NICE("Can't " ++ Op ++ Path ++ Reason)}.
+     ?NICE("Can't " ++ Op ++ " " ++ Path ++ Reason)}.
-- 
cgit v1.2.3