From ddde90fc1afd45322bce25687661d515736b83c0 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 11 Mar 2010 01:01:49 +0000 Subject: Properly escape the URL used for return to and realm. The url path provided by apache was not escaped. Make sure to escape it before use. --- module/mod_auth_singleid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c index 4520009..bff48fb 100644 --- a/module/mod_auth_singleid.c +++ b/module/mod_auth_singleid.c @@ -963,7 +963,7 @@ sid_request_url (sid_request_t *req, int with_path) host = req->rec->hostname ? req->rec->hostname : ap_get_server_name (req->rec); scheme = is_ssl ? "https" : "http"; port = ap_get_server_port (req->rec); - uri = with_path && req->rec->uri ? req->rec->uri : ""; + uri = with_path && req->rec->uri ? ap_escape_uri (req->rec->pool, req->rec->uri) : ""; /* Default ports? */ if ((port == 80 && !is_ssl) || (port == 443 && is_ssl)) -- cgit v1.2.3