#3106 Apache error message must be HTML-escaped

1.400
closed-fixed
Jamie Cameron
5
2008-04-20
2008-04-20
Hendy Irawan
No

When restarting Apache and failed due to error, the error message is delivered as is (without HTML escaping).

For example:

User cannot occur within <VirtualHost> section

Appear as:

User cannot occur within section

In addition to giving the incorrect message, this may also be a security hole.

Discussion

  • Jamie Cameron
    Jamie Cameron
    2008-04-20

    • status: open --> closed-fixed
     
  • Jamie Cameron
    Jamie Cameron
    2008-04-20

    Logged In: YES
    user_id=129364
    Originator: NO

    Thanks - I will fix this in the next Webmin release.

     
  • Hendy Irawan
    Hendy Irawan
    2008-04-20

    Logged In: YES
    user_id=548340
    Originator: YES

    Wow. Thanks.

    Wow.. it's definitely the fastest bug fix in a bug I reported.

    Thank you.