source@mandoc.bsd.lv
 help / color / Atom feed
* cvsweb: Partial merge of rev.
@ 2019-11-09  9:32 schwarze
  0 siblings, 0 replies; only message in thread
From: schwarze @ 2019-11-09  9:32 UTC (permalink / raw)
  To: source

Log Message:
-----------
Partial merge of rev. 3.119.2.15; the rest will be fixed differently
because the original diff caused regressions.

Original commit message:
Patch from Peter J. Philipp <pjp at centroid dot eu>
to fix some opportunities for XSS;
triggered by a report from Ezio Paglia.

Modified Files:
--------------
    cvsweb:
        cvsweb.cgi

Revision Data
-------------
Index: cvsweb.cgi
===================================================================
RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v
retrieving revision 4.6
retrieving revision 4.7
diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r4.6 -r4.7
--- cvsweb.cgi
+++ cvsweb.cgi
@@ -4194,6 +4194,7 @@ sub htmlquote($)
   # Special Characters; RFC 1866
   s/&/&amp;/g;
   s/\"/&quot;/g;
+  s/%22/&quot;/g;
   s/</&lt;/g;
   s/>/&gt;/g;
   return $_;
--
 To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-09  9:32 cvsweb: Partial merge of rev schwarze

source@mandoc.bsd.lv

Archives are clonable: git clone --mirror http://inbox.vuxu.org/mandoc-source

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.mandoc.source


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git