Bring forward the fix for CVE-2005-3352 already on the branches: * modules/mappers/mod_imagemap.c (imap_url): Escape the referer. * server/util.c (ap_escape_html): Escape the " character. Submitted by: mjc Reviewed by: fielding, jorton