http://svn.apache.org/viewvc?view=rev&revision=603282
--- httpd-2.2.3/modules/mappers/mod_imagemap.c.cve5000
+++ httpd-2.2.3/modules/mappers/mod_imagemap.c
@@ -479,13 +479,16 @@ static int imap_reply(request_rec *r, ch
 static void menu_header(request_rec *r, char *menu)
 {
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
- ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ", r->uri,
- "</title>\n</head><body>\n", NULL);
+ ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ",
+ ap_escape_html(r->pool, r->uri),
+ "</title>\n</head><body>\n", NULL);
 if (!strcasecmp(menu, "formatted")) {
- ap_rvputs(r, "<h1>Menu for ", r->uri, "</h1>\n<hr />\n\n", NULL);
+ ap_rvputs(r, "<h1>Menu for ",
+ ap_escape_html(r->pool, r->uri),
+ "</h1>\n<hr />\n\n", NULL);
 }
 return;
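Review bot: The `charset=ISO-8859-1` added to the `ap_set_content_type` call in menu_header has no comment, so it reads as cosmetic although it presumably belongs to the same fix as the escaping: when a response declares no charset a browser may guess the encoding, and escaping `r->uri` alone may then not be sufficient. I would add above that call `/* Declare the charset so the browser does not guess an encoding in which the escaping of r->uri below is insufficient. */`, so a later cleanup does not drop the parameter. Separately, `ap_escape_html(r->pool, r->uri)` is evaluated twice when `menu` is "formatted"; a local `const char *uri = ap_escape_html(r->pool, r->uri);` used in both `ap_rvputs` calls would allocate from the pool once and keep the two outputs visibly identical. The closing brace of menu_header lies outside the hunk.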