Log Message: |
mod_negotiation: Escape filenames in variant list
to prevent an possible XSS for a site where untrusted
users can upload files to a location with MultiViews
enabled.
SECURITY: CVE-2012-2687 (cve.mitre.org):
Submitted by: Niels Heinen <heinenn google.com>
Reviewed by: trawick, wrowe
Backported by: rjung
|