* cvsweb: Partial merge of rev.
From: schwarze @ 2019-11-09 9:32 UTC
To: source
Log Message:
-----------
Partial merge of rev. 3.119.2.15; the rest will be fixed differently
because the original diff caused regressions.
Original commit message:
Patch from Peter J. Philipp <pjp at centroid dot eu>
to fix some opportunities for XSS;
triggered by a report from Ezio Paglia.
Modified Files:
--------------
cvsweb:
cvsweb.cgi
Revision Data
-------------
Index: cvsweb.cgi
===================================================================
RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v
retrieving revision 4.6
retrieving revision 4.7
diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r4.6 -r4.7
--- cvsweb.cgi
+++ cvsweb.cgi
@@ -4194,6 +4194,7 @@ sub htmlquote($)
# Special Characters; RFC 1866
s/&/&/g;
s/\"/"/g;
+ s/%22/"/g;
s/</</g;
s/>/>/g;
return $_;
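Review bot: The added line s/%22/"/g; in htmlquote() matches the literal three-character string %22, so an HTML-escaping routine now does partial URL decoding. It covers a single percent-encoded character (nothing in the visible lines handles %3C, %3E or %27), and it also rewrites legitimate text that happens to contain "%22", for example a file name or a log message. I would percent-decode request input once, where it is read, and leave htmlquote() to escape only the actual characters &, ", < and >. If the line stays as a stopgap, a comment naming the output context that needs it would help, since the commit message says the rest will be fixed differently.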