[interchange-cvs] interchange - heins modified lib/Vend/Page.pm
interchange-core@interchange.redhat.com
interchange-core@interchange.redhat.com
Thu Oct 11 19:06:00 2001
User: heins
Date: 2001-10-11 23:05:41 GMT
Modified: lib/Vend Page.pm
Log:
* Security fix for remote script execution exploit.
* Minor potential bug fixed.
Revision Changes Path
2.2 +3 -0 interchange/lib/Vend/Page.pm
rev 2.2, prev_rev 2.1
Index: Page.pm
===================================================================
RCS file: /anon_cvs/repository/interchange/lib/Vend/Page.pm,v
retrieving revision 2.1
retrieving revision 2.2
diff -u -r2.1 -r2.2
--- Page.pm 2001/10/06 06:09:25 2.1
+++ Page.pm 2001/10/11 23:05:41 2.2
@@ -1,6 +1,6 @@
# Vend::Page - Handle Interchange page routing
#
-# $Id: Page.pm,v 2.1 2001/10/06 06:09:25 mheins Exp $
+# $Id: Page.pm,v 2.2 2001/10/11 23:05:41 mheins Exp $
#
# Copyright (C) 1996-2001 Red Hat, Inc. <interchange@redhat.com>
#
@@ -45,7 +45,7 @@
use vars qw/$VERSION/;
-$VERSION = substr(q$Revision: 2.1 $, 10);
+$VERSION = substr(q$Revision: 2.2 $, 10);
my $wantref = 1;
@@ -100,6 +100,9 @@
return 1;
}
else {
+ $name =~ s/\&/&/g;
+ $name =~ s/\[/[/g;
+ $name =~ s/\</</g;
display_special_page(find_special_page('missing'), $name);
return 0;
}
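Review bot: As shown on this page, the three added substitutions replace `&`, `[` and `<` with themselves and so change nothing. The archive has most likely decoded the HTML entities on the replacement side, and the committed lines presumably read `$name =~ s/\&/&amp;/g;`, `$name =~ s/\[/&#91;/g;` and `$name =~ s/\</&lt;/g;`, which should be confirmed against revision 2.2 in the repository rather than this rendering. Assuming that reading, the escaping covers only those three characters; `"` and `>` pass through unchanged, so if the `missing` special page ever places the name inside an attribute value, `$name =~ s/"/&quot;/g;` would be needed as well. A short comment above the block, such as `# Escape HTML and tag metacharacters: $name is the requested page name and is echoed by the missing page`, would help keep a later cleanup from removing the lines. The enclosing sub starts outside this hunk, so where `$name` comes from and whether other paths display it unescaped cannot be checked from here.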