
interchange-cvs at icdevgroup
Nov 5, 2009, 9:30 AM
[SCM] Interchange branch, master, updated. REL_5_7_2-36-g42377c5
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Interchange". The branch, master has been updated via 42377c51c4a1ed925a528d0f32d1838e342c8ada (commit) via 90d447b0ca2bd800ab3a7add9545887c3e95d8b8 (commit) from acf8d6506bb79904827f7821793b229bc04237fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 42377c51c4a1ed925a528d0f32d1838e342c8ada Merge: 90d447b0ca2bd800ab3a7add9545887c3e95d8b8 acf8d6506bb79904827f7821793b229bc04237fe Author: Stefan Hornburg (Racke) <racke[at]linuxia.de> Date: Thu Nov 5 18:30:01 2009 +0100 Merge branch 'master' of ssh://git.icdevgroup.org/var/git/interchange commit 90d447b0ca2bd800ab3a7add9545887c3e95d8b8 Author: Stefan Hornburg (Racke) <racke[at]linuxia.de> Date: Thu Nov 5 18:19:20 2009 +0100 avoid XSS exploit reported by Justin Otten ----------------------------------------------------------------------- Summary of changes and diff: lib/Vend/Error.pm | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/lib/Vend/Error.pm b/lib/Vend/Error.pm index 4a1f352..79df7a1 100644 --- a/lib/Vend/Error.pm +++ b/lib/Vend/Error.pm @@ -79,6 +79,11 @@ sub interaction_error { logError( "Difficulty interacting with browser: %s", $msg ); + # avoid XSS problem + if ($msg !~ /^[\w\s\.]+$/) { + $msg = 'Invalid CGI input.'; + } + $page = readin(find_special_page('interact')); if (defined $page) { $page =~ s#\[message\]#$msg#ig; hooks/post-receive -- Interchange _______________________________________________ interchange-cvs mailing list interchange-cvs[at]icdevgroup.org http://www.icdevgroup.org/mailman/listinfo/interchange-cvs
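Review bot: the allowlist test `$msg !~ /^[\w\s\.]+$/` added in interaction_error rejects any message containing ordinary punctuation (a colon, comma, apostrophe or slash), and also an empty $msg because of the `+`, so the user is shown 'Invalid CGI input.' for errors that may have nothing to do with CGI input. The unsafe step is the later context line `$page =~ s#\[message\]#$msg#ig;`, which places $msg into the page as markup; HTML-entity-encoding $msg at that substitution would close the XSS for every message while keeping the original text readable, and the allowlist could then be dropped or kept only as a second layer. The logError call sits before the filter, so the log still records the original message, which is worth keeping that way. The comment `# avoid XSS problem` would be more useful if it said that $msg can carry request input and is substituted into the 'interact' page unescaped.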