# SECURITY: CVE-2008-2939 (cve.mitre.org)
# mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
# the FTP URL. Discovered by Marc Bevand of Rapid7.
Index: modules/proxy/mod_proxy_ftp.c
===================================================================
--- modules/proxy/mod_proxy_ftp.c (Revision 682869)
+++ modules/proxy/mod_proxy_ftp.c (Revision 682870)
@@ -383,6 +383,7 @@
 c->bucket_alloc));
 }
 if (wildcard != NULL) {
+ wildcard = ap_escape_html(p, wildcard);
 APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard, strlen(wildcard), p, c->bucket_alloc));
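Review bot: At `wildcard = ap_escape_html(p, wildcard);` the raw pattern is overwritten by its entity-encoded form, so any later use of `wildcard` in this function for something other than HTML output would operate on the encoded string; the function starts and ends outside the hunk, so whether such a use exists cannot be confirmed from here. Keeping the encoded copy in its own local, e.g. `const char *wildcard_html = ap_escape_html(p, wildcard);` as the first line of the `if` block and passing that to `apr_bucket_pool_create` and `strlen`, keeps the two forms apart. A comment on the call, `/* wildcard comes from the path of the request URL; HTML-escape it before it is written into the response (CVE-2008-2939) */`, would record why it must not be removed. It is also worth confirming that the other URL-derived strings inserted into the same brigade just above this hunk are escaped the same way.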