CVS commit: htutils/cgi-src/pkgsrc

To: www-changes%NetBSD.org@localhost
Subject: CVS commit: htutils/cgi-src/pkgsrc
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Mon, 16 Feb 2009 06:06:52 +0000 (UTC)

Module Name:    htutils
Committed By:   spz
Date:           Mon Feb 16 06:06:52 UTC 2009

Modified Files:
        htutils/cgi-src/pkgsrc: pkgsrc-search.cgi

Log Message:
Fix cross site scripting vulnerability by enforcing the search pattern
to only contain characters that actually happen in package names.
Fixes Admin RT #15407 from Mon Aug 20 15:54:51 2007 (since www didn't seem
inclined to handle the problem).


To generate a diff of this commit:
cvs rdiff -r1.9 -r1.10 htutils/cgi-src/pkgsrc/pkgsrc-search.cgi

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: htdocs/ports
Next by Date: CVS commit: htutils/cgi-src/pkgsrc
Previous by Thread: CVS commit: htdocs/ports
Next by Thread: CVS commit: htutils/cgi-src/pkgsrc
Indexes:

Home | Main Index | Thread Index | Old Index