@@ -164,6 +164,7 @@ typedef struct HTTPContext {

     char protocol[16];

     char method[16];

     char url[128];

+    char clean_url[128*7];

     int buffer_size;

     uint8_t *buffer;

     int is_packetized; /* if true, the stream is packetized */

@@ -1920,6 +1921,34 @@ static inline void print_stream_params(AVIOContext *pb, FFServerStream *stream)

      avio_printf(pb, "</table>\n");

 }

+static void clean_html(char *clean, int clean_len, char *dirty)

+{

+    int i, o;

+

+    for (o = i = 0; o+10 < clean_len && dirty[i];) {

+        int len = strspn(dirty+i, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$-_.+!*(),?/ :;%");

+        if (len) {

+            if (o + len >= clean_len)

+                break;

+            memcpy(clean + o, dirty + i, len);

+            i += len;

+            o += len;

+        } else {

+            int c = dirty[i++];

+            switch (c) {

+            case  '&': av_strlcat(clean+o, "&"  , clean_len - o); break;

+            case  '<': av_strlcat(clean+o, "&lt;"   , clean_len - o); break;

+            case  '>': av_strlcat(clean+o, ">"   , clean_len - o); break;

+            case '\'': av_strlcat(clean+o, "'" , clean_len - o); break;

+            case '\"': av_strlcat(clean+o, """ , clean_len - o); break;

+            default:   av_strlcat(clean+o, "☹", clean_len - o); break;

+            }

+            o += strlen(clean+o);

+        }

+    }

+    clean[o] = 0;

+}

+

 static void compute_status(HTTPContext *c)

 {

     HTTPContext *c1;

@@ -2107,7 +2136,7 @@ static void compute_status(HTTPContext *c)

                 current_bandwidth, config.max_bandwidth);

     avio_printf(pb, "<table>\n");

-    avio_printf(pb, "<tr><th>#<th>File<th>IP<th>Proto<th>State<th>Target "

+    avio_printf(pb, "<tr><th>#<th>File<th>IP<th>URL<th>Proto<th>State<th>Target "

                     "bit/s<th>Actual bit/s<th>Bytes transferred\n");

     c1 = first_http_ctx;

     i = 0;

@@ -2127,10 +2156,13 @@ static void compute_status(HTTPContext *c)

         i++;

         p = inet_ntoa(c1->from_addr.sin_addr);

-        avio_printf(pb, "<tr><td><b>%d</b><td>%s%s<td>%s<td>%s<td>%s"

+        clean_html(c1->clean_url, sizeof(c1->clean_url), c1->url);

+        avio_printf(pb, "<tr><td><b>%d</b><td>%s%s<td>%s<td>%s<td>%s<td>%s"

                         "<td align=right>",

                     i, c1->stream ? c1->stream->filename : "",

-                    c1->state == HTTPSTATE_RECEIVE_DATA ? "(input)" : "", p,

+                    c1->state == HTTPSTATE_RECEIVE_DATA ? "(input)" : "",

+                    p,

+                    c1->clean_url,

                     c1->protocol, http_state[c1->state]);

         fmt_bytecount(pb, bitrate);

         avio_printf(pb, "<td align=right>");

@@ -28,7 +28,7 @@ sleep 2

         fi

         do_md5sum ff-$file >>ffserver.regression

     done

-    wget  $WGET_OPTIONS -O - teststat.html http://localhost:9999/teststat.html > ff-stat 2>/dev/null

+    wget  $WGET_OPTIONS -O - 'http://localhost:9999/teststat.html?abc' > ff-stat 2>/dev/null

     do_md5sum ff-stat >>ffserver.regression

 )

 kill $FFSERVER_PID

@@ -8,4 +8,4 @@ d41d8cd98f00b204e9800998ecf8427e *ff-test_l.rm

 4c887dfc1dd0f6ea1a3a2be6dd32e495 *ff-test.jpg

 1d04b73b04aad27793cc762d5afabac1 *ff-test_small.jpg

 bc36c40ee34ebee6ffe50f3094aab733 *ff-test.mjpg

-9b72c3d6d89a038fa141fe636baa2c0e *ff-stat

+56c8b3ba2c4f3eebfa6d2a895e042ee3 *ff-stat