
apache-2.2.6-8.2mdv2008.0.src.rpm

--- httpd-2.2.6/modules/proxy/mod_proxy_balancer.c.cve-2007-6421	2008-01-15 12:24:56.000000000 -0500
+++ httpd-2.2.6/modules/proxy/mod_proxy_balancer.c	2008-01-15 12:27:30.000000000 -0500
@@ -785,8 +785,13 @@ static int balancer_handler(request_rec 
                           ap_escape_uri(r->pool, worker->name),
                           "\">", NULL);
                 ap_rvputs(r, worker->name, "</a></td>", NULL);
-                ap_rvputs(r, "<td>", worker->s->route, NULL);
-                ap_rvputs(r, "</td><td>", worker->s->redirect, NULL);
+                ap_rvputs(r, "<td>", 
+                          worker->s->route ? ap_escape_html(r->pool, worker->s->route)
+                          : "", NULL);
+                ap_rvputs(r, "</td><td>",
+                          worker->s->redirect ? 
+                          ap_escape_html(r->pool, worker->s->redirect)
+                          : "", NULL);
                 ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor);
                 ap_rprintf(r, "<td>%d</td><td>", worker->s->lbset);
                 if (worker->s->status & PROXY_WORKER_DISABLED)
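Review bot: `worker->name` on the context line `ap_rvputs(r, worker->name, "</a></td>", NULL);` is still written into the table cell as raw HTML, while the route and redirect cells beside it are now escaped. The href just above passes the name through ap_escape_uri, but the link text gets no HTML escaping. If the name only ever comes from server configuration the exposure is small, but escaping it is cheap and makes the row consistent: `ap_rvputs(r, ap_escape_html(r->pool, worker->name), "</a></td>", NULL);`. balancer_handler starts and ends outside this hunk, so other unescaped writes may exist that are not visible here.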
@@ -824,10 +829,10 @@ static int balancer_handler(request_rec 
             ap_rputs("<tr><td>LB Set:</td><td><input name=\"ls\" type=text ", r);
             ap_rprintf(r, "value=\"%d\"></td></tr>\n", wsel->s->lbset);
             ap_rputs("<tr><td>Route:</td><td><input name=\"wr\" type=text ", r);
-            ap_rvputs(r, "value=\"", wsel->route, NULL);
+            ap_rvputs(r, "value=\"", wsel->route ? ap_escape_html(r->pool, wsel->route) : "", NULL);
             ap_rputs("\"></td></tr>\n", r);
             ap_rputs("<tr><td>Route Redirect:</td><td><input name=\"rr\" type=text ", r);
-            ap_rvputs(r, "value=\"", wsel->redirect, NULL);
+            ap_rvputs(r, "value=\"", wsel->redirect ? ap_escape_html(r->pool, wsel->redirect) : "", NULL);
             ap_rputs("\"></td></tr>\n", r);
             ap_rputs("<tr><td>Status:</td><td>Disabled: <input name=\"dw\" value=\"Disable\" type=radio", r);
             if (wsel->s->status & PROXY_WORKER_DISABLED)
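Review bot: The escaped `wsel->route` and `wsel->redirect` are emitted inside a double-quoted `value="..."` attribute, so the fix holds only if ap_escape_html encodes `"` as well as `<`, `>` and `&`. A short comment above the two calls, such as `/* attribute context: relies on ap_escape_html() encoding the double quote */`, would keep a later change from silently breaking that assumption. The two new lines are also much longer than the wrapped form used for the same expression in the first hunk; wrapping them the same way would match the file. These values appear to be editable through the `wr` and `rr` inputs of this form, so validating them where they are stored (outside this hunk) would add a second layer behind the output escaping.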