From: schwarze@mandoc.bsd.lv
To: source@mandoc.bsd.lv
Subject: cvsweb: Partial merge of rev.
Date: Sat, 9 Nov 2019 04:32:52 -0500 (EST)
Message-ID: <8d076898e4baea9d@mandoc.bsd.lv>
Log Message:
-----------
Partial merge of rev. 3.119.2.15; the rest will be fixed differently
because the original diff caused regressions.
Original commit message:
Patch from Peter J. Philipp <pjp at centroid dot eu>
to fix some opportunities for XSS;
triggered by a report from Ezio Paglia.
Modified Files:
--------------
cvsweb:
cvsweb.cgi
Revision Data
-------------
Index: cvsweb.cgi
===================================================================
RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v
retrieving revision 4.6
retrieving revision 4.7
diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r4.6 -r4.7
--- cvsweb.cgi
+++ cvsweb.cgi
@@ -4194,6 +4194,7 @@ sub htmlquote($)
# Special Characters; RFC 1866
s/&/&/g;
s/\"/"/g;
+ s/%22/"/g;
s/</</g;
s/>/>/g;
return $_;
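Review bot: The added `s/%22/.../g` line in htmlquote() matches a percent-encoded sequence inside a function whose other substitutions all work on literal characters (&, ", <, >), so it mixes URL decoding into the HTML-escaping layer. As written, any legitimate text containing the literal string "%22" is displayed as a double quote. Only this one encoded character is covered: the percent-encoded forms of < and > (%3C, %3E) are not touched here, even though the same function escapes their literal counterparts. It would be more robust to percent-decode request input once at the point where it is read, and to keep htmlquote() operating purely on decoded characters at output time. If the line stays, a comment saying which caller passes still-encoded data into htmlquote() would help later readers, since the "Special Characters; RFC 1866" comment above does not cover it.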