Welcome! Log In Create A New Profile

Advanced

Re: bug in autoindex module

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
December 30, 2009 06:00PM
Hello!

On Thu, Dec 31, 2009 at 12:45:18AM +0700, Edho P Arief wrote:

> On Tue, Dec 29, 2009 at 5:20 PM, Edho P Arief <edhoprima@gmail.com> wrote:
> > Don't know if found by someone else, but I find this bug today in
> > autoindex module.
> >
> > Basically, the file/dirname is not escaped properly.
> >
> > To reproduce:
> > - enable autoindex in a directory
> > - create file with name "some<em>thing" in the directory
> > - view the (broken) directory list in web
> >
>
> it should use ngx_escape_html - I've tried modifying it but I don't
> know enough C to correctly fix it.

I'm currently looking in it, stay tuned.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

bug in autoindex module

edogawaconan December 29, 2009 05:26AM

Re: bug in autoindex module

edogawaconan December 30, 2009 12:50PM

Re: bug in autoindex module

Maxim Dounin December 30, 2009 06:00PM

Re: bug in autoindex module

Maxim Dounin December 31, 2009 09:20AM

Re: bug in autoindex module

Ross December 30, 2009 01:22PM

Re: bug in autoindex module

Maxim Dounin December 30, 2009 06:10PM

Re: bug in autoindex module

Maxim Dounin December 31, 2009 09:22AM

Re: bug in autoindex module

Ross December 31, 2009 09:56AM

Re: bug in autoindex module

Maxim Dounin December 31, 2009 11:10AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 147
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready