From 379f6f508ddd8dfce9a952dcd2bdcbd52ee11f5a Mon Sep 17 00:00:00 2001
From: dchokshi
Date: Fri, 22 Jan 2016 15:51:56 -0500
Subject: [PATCH] TS-4145 Fix cross-site scripting exploits in error messages.

Address potential cross-site scripting exploits in the following files: 1.) Replace the variable psh with epsh in files: proxy/config/body_factory/default/redirect#moved_temporarily proxy/config/body_factory/default/redirect#moved_permanently 2.) Variable cqh in proxy/config/body_factory/default/access#redirect_url should be replaced with ecqh. However the files appears unutilized in ATS 6.0.0, hence remove from Makefile alltogether.
---
 proxy/config/body_factory/default/Makefile.am | 1 -
 proxy/config/body_factory/default/redirect#moved_permanently | 2 +-
 proxy/config/body_factory/default/redirect#moved_temporarily | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/proxy/config/body_factory/default/Makefile.am b/proxy/config/body_factory/default/Makefile.am
index a9402ba3589..d89311a36f5 100644
--- a/proxy/config/body_factory/default/Makefile.am
+++ b/proxy/config/body_factory/default/Makefile.am
@@ -21,7 +21,6 @@ bodyfactorydir = $(pkgsysconfdir)/body_factory/default
 dist_bodyfactory_DATA = \
 access\#denied \
 access\#proxy_auth_required \
- access\#redirect_url \
 access\#ssl_forbidden \
 .body_factory_info \
 cache\#not_in_cache \
diff --git a/proxy/config/body_factory/default/redirect#moved_permanently b/proxy/config/body_factory/default/redirect#moved_permanently
index a5c50369e89..171e9276768 100644
--- a/proxy/config/body_factory/default/redirect#moved_permanently
+++ b/proxy/config/body_factory/default/redirect#moved_permanently
@@ -8,7 +8,7 @@
-Description: The document you requested has moved to a new location. The new location is "%<{Location}psh>".
+Description: The document you requested has moved to a new location. The new location is "%<{Location}epsh>".
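Review bot: The switch to `%<{Location}epsh>` on the Description line only closes the injection if the `e` variant's escaping suits the place the value is rendered, and nothing in this hunk shows what that escaping covers. The value lands in HTML body text, so the encoder must neutralise at least `<`, `>` and `&`; if `epsh` applies URL-style percent-escaping rather than HTML entity encoding, its character set should be confirmed against those. The identical change in redirect#moved_temporarily needs the same check. The hunk header announces seven lines of context that are not shown here, so any other use of `Location` in the template cannot be checked from this page. Separately, the diffstat shows access#redirect_url is only dropped from `dist_bodyfactory_DATA` and neither fixed nor deleted, so the unescaped `cqh` template stays in the tree; I would delete it or change it to `ecqh` in the same commit.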
diff --git a/proxy/config/body_factory/default/redirect#moved_temporarily b/proxy/config/body_factory/default/redirect#moved_temporarily
index a5c50369e89..171e9276768 100644
--- a/proxy/config/body_factory/default/redirect#moved_temporarily
+++ b/proxy/config/body_factory/default/redirect#moved_temporarily
@@ -8,7 +8,7 @@
-Description: The document you requested has moved to a new location. The new location is "%<{Location}psh>".
+Description: The document you requested has moved to a new location. The new location is "%<{Location}epsh>".