commit | c1ba6f54d32b707ca6d91cb3257ce9de82876b6f | |
---|---|---|
author | Nick Wellnhofer <wellnhofer@aevum.de> | Sat Aug 15 18:32:29 2020 +0200 |
committer | Nick Wellnhofer <wellnhofer@aevum.de> | Sat Aug 15 18:32:29 2020 +0200 |
tree | 37da6df973eadc11dbf26d85669221aa5ebca4a9 | |
parent | b82fa3dd26a72c89ced293d06269eb97bb252d76 | |
Revert "Do not URI escape in server side includes"

This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.

This commit introduced

- an infinite loop, found by OSS-Fuzz, which could be easily fixed.
- an algorithm with quadratic runtime
- a security issue, see https://bugzilla.gnome.org/show_bug.cgi?id=769760

A better approach is to add an option not to escape URLs at all which libxml2 should have possibly done in the first place.