authorAshod Nakashian <ashod.nakashian@collabora.co.uk>2019-08-28 21:18:53 -0400
committerAshod Nakashian <ashod.nakashian@collabora.co.uk>2019-09-03 01:53:12 -0400
commit97a7b1f170e14c3fbbaed795ba8591a10831fa4e (patch)
tree960774535d6945f72344029f1b8320cbf762477e /wsd/FileServer.cpp
parentleaflet: save only when not read-only (diff)
wsd: sanitize url when error reporting
(cherry picked from commit 2b35ae713943abd5f51de383fb2d26ab96f73988) Change-Id: I7937429f2f987212beaeb9a97b48bfedb0a7ac58
Diffstat (limited to 'wsd/FileServer.cpp')
-rw-r--r--wsd/FileServer.cpp5
1 files changed, 4 insertions, 1 deletions
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index bfde038c91..01e73cb79e 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -460,8 +460,10 @@ void FileServerRequestHandler::sendError(int errorCode, const Poco::Net::HTTPReq
<< "\r\n";
if (!shortMessage.empty())
{
+ std::string pathSanitized;
+ Poco::URI::encode(path, "", pathSanitized);
oss << "<h1>Error: " << shortMessage << "</h1>"
- "<p>" << longMessage << " " << path << "</p>"
+ "<p>" << longMessage << ' ' << pathSanitized << "</p>"
"<p>Please contact your system administrator.</p>";
}
socket->send(oss.str());
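Review bot: The value written between `<p>` and `</p>` is percent-encoded by `Poco::URI::encode(path, "", pathSanitized)`, which is URI encoding rather than HTML escaping, so whether markup characters are neutralised depends on Poco's illegal-character list and not on the output context; `&`, for one, looks like it passes through unchanged with an empty reserved set. Escaping `&`, `<`, `>`, `"` and `'` as HTML entities where the string is built would match the context and keep the displayed path readable instead of turning spaces and non-ASCII bytes into `%XX`. `shortMessage` and `longMessage` are still streamed raw in the same statement; if any caller of sendError builds them from request data they need the same treatment, which cannot be confirmed here because the function starts above the hunk. The sketch below assumes `path` is a `std::string`.

```cpp
    if (!shortMessage.empty())
    {
        // Escape for HTML element content, the context the value is written into.
        std::string pathSanitized;
        pathSanitized.reserve(path.size());
        for (const char c : path)
        {
            switch (c)
            {
                case '&':  pathSanitized += "&amp;";  break;
                case '<':  pathSanitized += "&lt;";   break;
                case '>':  pathSanitized += "&gt;";   break;
                case '"':  pathSanitized += "&quot;"; break;
                case '\'': pathSanitized += "&#39;";  break;
                default:   pathSanitized += c;        break;
            }
        }
        // … unchanged: oss << "<h1>Error: " … << pathSanitized << "</p>" … socket->send(oss.str()) …
```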
@@ -740,6 +742,7 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco::
LOG_TRC("Denied all frame ancestors");
cspOss << "img-src 'self' data: none;";
}
+
cspOss << "\r\n";
// Append CSP to response headers too
oss << cspOss.str();