On 11 Jul 2001 09:22:57 +0930, Sean Burford wrote:
> Hi,
>
> I would like to be able to output the request proxy auth user name on
> the error page, so that I can determine the cause of the failure (i.e.,
> check the blocked access flag for the user) using a CGI and give the
> user a useful error page.
>
> The attached patch (against 2.2 stable5, also works with 2.4 stable1)
> adds a %r variable, that implements what I have suggested above.
<snip>
> + case 'r':
> + p = r ? r->user_ident : "[unknown user]";
> break;
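Review bot: on the `p = r ? r->user_ident : "[unknown user]";` line the fallback is taken only when `r` itself is null, so a request that exists but carries no proxy-auth name would print whatever `r->user_ident` holds rather than "[unknown user]"; consider also testing that the name is non-empty. The name is supplied by the client and ends up in an HTML error page, so it should be HTML-escaped before it is assigned to `p`.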
This should be quoted to prevent cross-site scripting, in case someone finds a way to inject arbitrary text into the browser's attempted credentials - particularly an issue for acceleration mode where a user@ URL could be used.
Rob
Received on Sun Aug 05 2001 - 21:08:45 MDT
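The quoting asked for in the reply above, as an added example that is not part of the original thread and is not Squid's own code: the user name is HTML-escaped into a bounded buffer before it can reach the error page. The names `html_escape` and `error_page_user` are hypothetical helpers invented for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not Squid's API): HTML-escape `in` into `out`.
 * Writes at most outlen bytes including the NUL and never emits a
 * partial entity. Returns 0 on success, -1 if the input was truncated. */
int html_escape(const char *in, char *out, size_t outlen)
{
    size_t used = 0;

    if (out == NULL || outlen == 0)
        return -1;
    if (in == NULL)
        in = "";
    for (; *in != '\0'; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;      /* default: copy the byte unchanged */
        size_t n;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   break;
        }
        n = strlen(rep);
        if (used + n + 1 > outlen) {   /* no room: stop on a whole unit */
            out[used] = '\0';
            return -1;
        }
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

/* Hypothetical stand-in for the patch's 'r' case: choose the text for %r,
 * falling back when no name is known, and escape it before page use. */
const char *error_page_user(const char *user_ident, char *buf, size_t buflen)
{
    if (user_ident == NULL || *user_ident == '\0')
        return "[unknown user]";
    if (html_escape(user_ident, buf, buflen) != 0)
        return "[unknown user]";   /* oversized name: do not echo a fragment */
    return buf;
}
```
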