bug in autoindex module
Edho P Arief
edhoprima at gmail.com
Wed Dec 30 20:45:18 MSK 2009
On Tue, Dec 29, 2009 at 5:20 PM, Edho P Arief <edhoprima at gmail.com> wrote:
> Don't know if found by someone else, but I find this bug today in
> autoindex module.
>
> Basically, the file/dirname is not escaped properly.
>
> To reproduce:
> - enable autoindex in a directory
> - create file with name "some<em>thing" in the directory
> - view the (broken) directory list in web
>
it should use ngx_escape_html - I've tried modifying it but I don't
know enough C to correctly fix it.
--
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
More information about the nginx
mailing list