Subject: misc/9923: query-pr-single.pl does not escape HTML tags found in PR's
To: None <gnats-bugs@gnats.netbsd.org>
From: None <mpumford@black-star.demon.co.uk>
List: netbsd-bugs
Date: 04/18/2000 02:33:44
>Number:         9923
>Category:       misc
>Synopsis:       query-pr-single.pl does not escape HTML tags found in PR's
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    misc-bug-people
>State:          open
>Class:          support
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 18 02:34:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Mike Pumford
>Release:        N/A Web form problem
>Organization:
None
>Environment:
N/A Web form problem
>Description:
When querying a PR using the web it is possible for the contents
of a PR to be corrupted by the form as it does not escape HTML tags.

Noticed this when trying to extract the uuencoded data in PR #8484.
This may affect other PRs which contain code attached via uudecode
or MIME.

>How-To-Repeat:
$ lynx -dump http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=8484 >asc.patch.uue
$ uudecode asc.patch.uue
$ gzip -d asc.patch.gz

gzip: asc.patch.gz: invalid compressed data--crc error
$ 
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
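
The failure described in this report, reproduced as an added example (not part of the original PR and not the code of query-pr-single.pl). It assumes a hypothetical render_pr() that places the PR body inside <pre>, uses Python's html.parser as a stand-in for the text dump a browser such as lynx produces, and uses a constructed payload whose uuencoded form contains "<B>".

```python
import binascii
import html
from html.parser import HTMLParser

# Constructed sample: bytes 72 27 a1 uuencode to the four characters "<B>A".
PAYLOAD = b"\x72\x27\xa1" * 5 + b"constructed sample payload\n"

def uuencode(data, name="sample.bin"):
    """Minimal uuencode: 45 input bytes per line, framed by begin/end."""
    lines = ["begin 644 " + name]
    for i in range(0, len(data), 45):
        lines.append(binascii.b2a_uu(data[i:i + 45]).decode("ascii").rstrip("\n"))
    return "\n".join(lines + ["`", "end"]) + "\n"

def render_pr(body, escape):
    """Hypothetical CGI output: the PR body placed inside <pre>."""
    text = html.escape(body, quote=False) if escape else body
    return "<html><body><pre>" + text + "</pre></body></html>"

class TextDump(HTMLParser):
    """Keeps text nodes only; anything parsed as a tag is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)

def dump_text(page):
    parser = TextDump()
    parser.feed(page)
    parser.close()
    return "".join(parser.chunks)

def recover(page):
    """Dump the page to text and uudecode it; None if decoding fails."""
    lines = dump_text(page).splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.startswith("begin "))
        end = lines.index("end", start)
        return b"".join(binascii.a2b_uu(l) for l in lines[start + 1:end])
    except (StopIteration, ValueError):  # binascii.Error is a ValueError
        return None

if __name__ == "__main__":
    encoded = uuencode(PAYLOAD)
    print("raw output intact:    ", recover(render_pr(encoded, False)) == PAYLOAD)
    print("escaped output intact:", recover(render_pr(encoded, True)) == PAYLOAD)
```

The unescaped page loses the "<B>" runs when parsed, so the decoded bytes differ from the original without any decode error, which is consistent with the gzip CRC failure shown above.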