* cvsweb: similar to rev.
@ 2019-11-09 9:41 schwarze
From: schwarze @ 2019-11-09 9:41 UTC
To: source
Log Message:
-----------
similar to rev. 3.119.2.18:
bump VERSION to 3.1
Modified Files:
--------------
cvsweb:
cvsweb.cgi
Revision Data
-------------
Index: cvsweb.cgi
===================================================================
RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v
retrieving revision 4.7
retrieving revision 4.8
diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r4.7 -r4.8
--- cvsweb.cgi
+++ cvsweb.cgi
@@ -113,7 +113,7 @@ use constant HAS_EDIFF => eval { requ
BEGIN
{
- $VERSION = '3.0.6';
+ $VERSION = '3.1';
$HTML_DOCTYPE =
'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ' .
--
To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv
* cvsweb: similar to rev.
@ 2019-11-09 10:06 schwarze
From: schwarze @ 2019-11-09 10:06 UTC
To: source
Log Message:
-----------
similar to rev. 3.119.2.22:
Fix the QUERY_STRING parts of the XSS vulnerabilities found by Ezio Paglia
in a more robust way: do very strict whitelist-based input validation on
the characters occurring in the QUERY_STRING, such that everything
stored in the %input hash table is safe in the first place without
requiring any kind of escaping later. When finding unexpected characters
in the QUERY_STRING, it is safest to simply error out fatal()ly.
Modified Files:
--------------
cvsweb:
cvsweb.cgi
Revision Data
-------------
Index: cvsweb.cgi
===================================================================
RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v
retrieving revision 4.8
retrieving revision 4.9
diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r4.8 -r4.9
--- cvsweb.cgi
+++ cvsweb.cgi
@@ -358,9 +358,17 @@ if (defined($ENV{QUERY_STRING})) {
$p =~ y/+/ /;
my ($key, $val) = split(/=/, $p, 2);
next unless defined($key);
- $val = 1 unless defined($val);
- ($key = uri_unescape($key)) =~ /[[:graph:]]/ or next;
- ($val = uri_unescape($val)) =~ /[[:graph:]]/ or next;
+ $key = uri_unescape($key);
+ $key =~ /([^a-z_12-])/ and fatal('404 Not Found',
+ 'Invalid character "%s" in query parameter "%s"', $1, $key);
+ if (defined $val) {
+ $val = uri_unescape($val);
+ $val =~ /([^a-zA-Z_01-9.\/-])/ and fatal('404 Not Found',
+ 'Invalid character "%s" in the value "%s" of the query parameter "%s"',
+ $1, $value, $key);
+ } else {
+ $val = 1;
+ }
$query{$key} = $val;
}
}
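Review bot: the fatal() call on the value branch passes `$value`, but the variable assigned two lines earlier is `$val` (`$1, $value, $key);`), so the second placeholder of that message is never filled and, under `use strict`, the script does not compile; change it to `$1, $val, $key);`. Since the same message interpolates the rejected character and the raw key, fatal() has to HTML-escape its arguments, otherwise the rejected input is reflected on the error page and the point of the change is undone. Finally, the key class `[^a-z_12-]` admits only the digits 1 and 2; if that is deliberate, a short comment would stop the next reader from widening it to 0-9.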
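The approach the second commit message describes, decode first and then accept only an explicit set of characters so that nothing stored in the parameter table ever needs escaping later, as an added example in Python rather than cvsweb's Perl. This is not the project's code: the character classes, the function names and the sample query strings are constructed for the example, and the one convention taken from the hunk is that a bare parameter with no "=" is stored as the flag value 1. The example also shows the part the hunk leaves to fatal(): the rejected character is quoted in the reason, so the error page escapes it rather than trusting it.

```python
import html
import re
from urllib.parse import unquote

# Constructed allowlists (assumptions for this example, not cvsweb's exact classes):
# parameter names are short lowercase identifiers; values are revision numbers,
# tags, sort keys and repository paths.
NAME_BAD = re.compile(r"[^a-z0-9_-]")
VALUE_BAD = re.compile(r"[^a-zA-Z0-9_./-]")


class InvalidQuery(ValueError):
    """Raised instead of storing a parameter that contains an unexpected character."""


def parse_query_string(qs):
    """Return {name: value} for a CGI QUERY_STRING, or raise InvalidQuery.

    Percent-decoding happens before validation, so an encoded "%3C" or
    "%26" is seen as the character it stands for and cannot smuggle
    anything past the allowlist.
    """
    params = {}
    for part in qs.split("&"):
        if part == "":
            continue
        # Form encoding turns spaces into "+"; after decoding, a space is
        # simply one more character the allowlists reject.
        name, has_value, value = part.replace("+", " ").partition("=")
        name = unquote(name)
        hit = NAME_BAD.search(name)
        if hit:
            raise InvalidQuery("invalid character %r in query parameter name" % hit.group())
        if has_value:
            value = unquote(value)
            hit = VALUE_BAD.search(value)
            if hit:
                raise InvalidQuery("invalid character %r in value of %r" % (hit.group(), name))
        else:
            value = "1"  # a bare "?name" is a boolean flag, as in the cvsweb hunk
        params[name] = value
    return params


def try_parse(qs):
    """Convenience wrapper: (params, None) on success, (None, reason) on rejection."""
    try:
        return parse_query_string(qs), None
    except InvalidQuery as exc:
        return None, str(exc)


def error_page(reason):
    """Body of the fatal error response. The reason quotes rejected input,
    so it is HTML-escaped here instead of being trusted."""
    return "<html><body><p>%s</p></body></html>" % html.escape(reason)


if __name__ == "__main__":
    # Constructed sample query strings: two well-formed, two that must be rejected.
    for qs in ("r1=1.5&r2=1.6&f=u", "hideattic&sortby=date",
               "r1=1.5%3Cscript%3E", "r1=1.5%26r2=2"):
        params, reason = try_parse(qs)
        print(qs, "->", params if reason is None else error_page(reason))
```

Because every stored value has already passed the allowlist, the rest of the script can interpolate `params` into links and page text without per-use escaping; the only place that still needs it is the error message, which by construction carries the one character that failed.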