public inbox for ipfire-scm@lists.ipfire.org
From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 82c0cd6ae0ebefb3503c7bc2c8bf2e47b08f5698
Date: Wed, 21 Aug 2013 17:41:54 +0200
Message-ID: <20130821154154.93AEB2091E@argus.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  82c0cd6ae0ebefb3503c7bc2c8bf2e47b08f5698 (commit)
       via  df05a856cdc5044398284b1a8dc704b22dfca911 (commit)
       via  5ba9e6606e0a9666fb2bf83c68f1979f9dd2fbb2 (commit)
       via  8b33e596c470e9216bd4c7e61bf2bfc889ea6673 (commit)
      from  e4d79ba496c7d5203e04df34bf59b827b79a2e0c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 82c0cd6ae0ebefb3503c7bc2c8bf2e47b08f5698
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Aug 21 17:41:28 2013 +0200

    core73: Add changes files from #10406.

commit df05a856cdc5044398284b1a8dc704b22dfca911
Merge: e4d79ba 5ba9e66
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Aug 21 17:40:44 2013 +0200

    Merge remote-tracking branch 'ms/xss' into next

commit 5ba9e6606e0a9666fb2bf83c68f1979f9dd2fbb2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 20 11:06:36 2013 +0200

    proxylog.dat: Escape usernames.
    
    Bug #10406.

commit 8b33e596c470e9216bd4c7e61bf2bfc889ea6673
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 20 11:05:28 2013 +0200

    header.pl: Create new escape function that uses HTML::Entities.
    
    This partly replaces cleanhtml(), which is kept for
    backwards-compatibility and for a special case.

-----------------------------------------------------------------------

Summary of changes:
 config/cfgroot/header.pl                 | 17 +++++++++--------
 config/rootfiles/core/73/filelists/files |  2 ++
 html/cgi-bin/logs.cgi/proxylog.dat       |  3 ++-
 3 files changed, 13 insertions(+), 9 deletions(-)

Difference in files:
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index a7f209d..9129c68 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -12,6 +12,7 @@
 package Header;
 
 use CGI();
+use HTML::Entities();
 use Socket;
 use Time::Local;
 
@@ -305,16 +306,16 @@ sub IpInSubnet
     return (($ip >= $start) && ($ip <= $end));
 }
 
-sub cleanhtml
-{
+sub escape($) {
+	my $s = shift;
+	return HTML::Entities::encode_entities($s);
+}
+
+sub cleanhtml {
 	my $outstring =$_[0];
 	$outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y';
-	$outstring =~ s/&/&amp;/g;
-	$outstring =~ s/\'/&#039;/g;
-	$outstring =~ s/\"/&quot;/g; #" This is just a workaround for the syntax highlighter
-	$outstring =~ s/</&lt;/g;
-	$outstring =~ s/>/&gt;/g;
-	return $outstring;
+
+	return escape($outstring);
 }
 
 sub connectionstatus
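Review bot: In the new escape(), encode_entities($s) is called with the default unsafe set, which covers control and high-bit characters in addition to < > & " ', so cleanhtml() no longer behaves like the five substitutions it replaces: ' now becomes &#39; instead of &#039;, and any non-ASCII character is turned into an entity. If callers pass undecoded UTF-8 bytes (translated strings, for example), each byte is encoded on its own and the output is garbled. Consider restricting the set, e.g. HTML::Entities::encode_entities($s, q{<>&"'}), or document that escape() expects decoded character strings. The ($) prototype is also ignored at the call sites that use the &Header::escape(...) form, so it could be dropped.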
diff --git a/config/rootfiles/core/73/filelists/files b/config/rootfiles/core/73/filelists/files
index 6a58766..42bb310 100644
--- a/config/rootfiles/core/73/filelists/files
+++ b/config/rootfiles/core/73/filelists/files
@@ -1,6 +1,8 @@
 etc/system-release
 etc/issue
+srv/web/ipfire/cgi-bin/logs.cgi/proxylog.dat
 srv/web/ipfire/html/redirect.cgi
 srv/web/ipfire/html/redirect-templates/
+var/ipfire/header.pl
 var/ipfire/langs
 var/ipfire/proxy/advanced/useragents
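Review bot: The filelist ships var/ipfire/header.pl, which now loads HTML::Entities at compile time, but adds nothing for the module itself. Please confirm HTML::Entities is already present on systems being updated to core 73; otherwise CGIs that require header.pl would fail to load after the update.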
diff --git a/html/cgi-bin/logs.cgi/proxylog.dat b/html/cgi-bin/logs.cgi/proxylog.dat
index e529be0..da86f89 100644
--- a/html/cgi-bin/logs.cgi/proxylog.dat
+++ b/html/cgi-bin/logs.cgi/proxylog.dat
@@ -90,7 +90,7 @@ if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
  	$cgiparams{'MONTH'} = $temp[1];
  	$cgiparams{'DAY'} = $temp[2];  
 	$cgiparams{'SOURCE_IP'} = $temp[3];
-	$cgiparams{'USERNAME'} = $temp[4];
+	$cgiparams{'USERNAME'} = &Header::escape($temp[4]);
 }
 
 if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
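Review bot: USERNAME is escaped when the query string is parsed, so from this point $cgiparams{'USERNAME'} holds the HTML-encoded form rather than the raw name. Any later comparison against usernames read from the proxy log will miss names containing &, <, > or quotes, and any later output that escapes again will double-encode. Keeping the raw value here and calling &Header::escape() where the value is printed would avoid both. $temp[3] (SOURCE_IP) comes from the same query string and is stored unescaped on the line above; worth checking that it is validated before it reaches the page.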
@@ -383,6 +383,7 @@ print <<END
 END
 ;
 foreach my $so (sort keys %users) {
+	$so = &Header::escape($so);
 	print "<option value='$so' $selected{'USERNAME'}{$so}>$so</option>\n"; }
 print <<END
 	</select>
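Review bot: $so is overwritten with its escaped form before it is used as the key in $selected{'USERNAME'}{$so}, so the selected-option lookup only matches if %selected was filled with escaped keys as well. Using a separate variable for the escaped text (for example my $so_html = &Header::escape($so);) in the value attribute and option label, and keeping the raw $so for the hash lookup, makes this independent of how %selected is built.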


hooks/post-receive
--
IPFire 2.x development tree
