

Revision 1.1 - (show annotations) (download) (as text)
Fri Sep 1 14:39:52 2006 UTC (13 years, 5 months ago) by kevquinn
Branch: MAIN
CVS Tags: HEAD
File MIME type: text/x-diff
bump to 2.0; configure for info dirs more intelligently
(Portage version: 2.1.1_rc1-r1)

1 diff -u info2html-2.0-orig/info2html info2html-2.0/info2html
2 --- info2html-2.0-orig/info2html 2006-09-01 14:55:13.000000000 +0200
3 +++ info2html-2.0/info2html 2006-09-01 15:05:41.000000000 +0200
4 @@ -42,7 +42,7 @@
5
6 use CGI;
7 $ENV{'REQUEST_METHOD'} or
8 - print "Note: I'm really supposed to be run as a CGI!\n";
9 + print "Note: I'm really supposed to be run as a CGI\!\n";
10
11 #-- patterns
12 $NODEBORDER = '\037\014?'; #-- delimiter of an info node
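Review bot: The added backslash in `"...run as a CGI\!\n"` changes nothing in the printed text, because `\!` is not a recognised escape in a Perl double-quoted string and perl passes the `!` through unchanged; if `use warnings` is enabled further up the file (not visible here) it also emits an "Unrecognized escape \! passed through" warning on every non-CGI run. The original line `print "Note: I'm really supposed to be run as a CGI!\n";` should be kept as it was.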
13 @@ -62,7 +62,7 @@
14 #---------------------------------------------------------
15 # Don't reveal where we're looking... --jonh 5/20/97 (and reapplied 5/4/1998)
16 sub DieFileNotFound{
17 - local($FileName) = @_;
18 + local($FileName) = &XssEscape(@_);
19 #-- TEXT : error message if a file could not be opened
20 print <<"EOF";
21 <html><head><title>Info Files - Error Message</title>
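Review bot: `&XssEscape(@_)` hands every argument to a helper that only unpacks its first element, so this line silently drops anything past the first argument; that is harmless for a one-argument call but worth making explicit as `local($FileName) = &XssEscape($_[0]);`. The escaping applied here is suitable only for HTML element content, so if `$FileName` is also interpolated into an attribute such as an `href` inside the heredoc, it needs URL-encoding there in addition. The heredoc body and the rest of DieFileNotFound lie outside this hunk, so that cannot be confirmed from the visible lines.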
22 @@ -104,6 +104,28 @@
23 }
24
25 #----------------------------------------------------------
26 +# XssEscape
27 +#----------------------------------------------------------
28 +sub XssEscape {
29 + local($Tag) = @_;
30 + #-- output escaping is required to protect browser
31 + # against `cross site' and `cross frame scripting'
32 +
33 + $Tag =~ s/&/&amp;/gs; # ampersand
34 + $Tag =~ s/#/&#35;/gs;
35 + $Tag =~ s/;/&#59;/gs;
36 + $Tag =~ s/[\000-\037\177-\237]/&iquest;/gs; # "ctrl" codes 0-31 and 127-159
37 + $Tag =~ s/</&lt;/gs; # less-than symbol
38 + $Tag =~ s/>/&gt;/gs; # greater-than symbol
39 + $Tag =~ s/"/&quot;/gs; # double quote
40 + $Tag =~ s/\240/&nbsp;/gs; # non-breaking space
41 + $Tag =~ s/\255/&shy;/gs; # soft hyphen
42 + # the rest is interpreted
43 + # as ISO 8859-1
44 + $Tag;
45 +}
46 +
47 +#----------------------------------------------------------
48 # ParsHeaderToken
49 #----------------------------------------------------------
50 # Parses the heaer line of an info node for a specific
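Review bot: The `;` substitution on the third `s///` line re-escapes the entities produced by the two lines above it, so every `&` in the input leaves XssEscape as `&amp&#59;` and every `#` as `&#35&#59;`, which a browser will typically render as `&;` and `#;` because `&amp` and `&#35` are still decoded without their terminating semicolon. Encoding `#` and `;` adds nothing to the protection once `&`, `<`, `>` and `"` are encoded, so the simplest fix is to delete those two lines; if they are to stay, do all reserved characters in a single pass so nothing is escaped twice, e.g. `$Tag =~ s/([&#;<>"'])/sprintf('&#%d;', ord($1))/ge;` in place of the five single-character substitutions. That one-pass form also encodes the single quote, which matters if a caller ever interpolates the result inside a single-quoted attribute. Either way the header comment should say what context the output is safe for, e.g. `# Escapes a string for use as HTML element content (ISO-8859-1 assumed); not sufficient for URLs, attributes or script blocks.`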
51 @@ -493,6 +515,8 @@
52 #----------------------------------------------------------
53 sub ReplyNotFoundMessage{
54 local($FileName,$Tag) = @_;
55 + $FileName = &XssEscape($FileName);
56 + $Tag = &XssEscape($Tag);
57 print <<"EOF";
58 <html><head><title>Info Files - Error Message</title>
59 $BOTS_STAY_AWAY
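Review bot: The two added assignments escape the arguments one at a time after unpacking, whereas DieFileNotFound in the earlier hunk folds the escaping into the `local(...)` assignment; doing the same here keeps the two error routines consistent and leaves no window in which the raw values exist under their final names, e.g. `local($FileName,$Tag) = map { &XssEscape($_) } @_;` replacing the three lines. As in the other routine, this only makes the values safe as HTML element content, so any use of `$FileName` or `$Tag` inside an attribute in the heredoc needs separate handling. The heredoc body and the remainder of ReplyNotFoundMessage continue past the end of this hunk.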
60 Only in info2html-2.0: info2html.orig
61 Only in info2html-2.0: info2html.rej
