[interchange-cvs] interchange - heins modified lib/Vend/Page.pm
interchange-core@interchange.redhat.com
interchange-core@interchange.redhat.com
Thu Oct 11 19:07:00 2001
User: heins
Date: 2001-10-11 23:06:01 GMT
Modified: lib/Vend Tag: STABLE_4_8-branch Page.pm
Log:
* Security fix for remote script execution exploit.
* Minor potential bug fixed.
Revision Changes Path
No revision
No revision
2.0.2.1 +6 -3 interchange/lib/Vend/Page.pm
rev 2.0.2.1, prev_rev 2.0
Index: Page.pm
===================================================================
RCS file: /anon_cvs/repository/interchange/lib/Vend/Page.pm,v
retrieving revision 2.0
retrieving revision 2.0.2.1
diff -u -r2.0 -r2.0.2.1
--- Page.pm 2001/07/18 02:23:14 2.0
+++ Page.pm 2001/10/11 23:06:01 2.0.2.1
@@ -1,6 +1,6 @@
# Vend::Page - Handle Interchange page routing
#
-# $Id: Page.pm,v 2.0 2001/07/18 02:23:14 jon Exp $
+# $Id: Page.pm,v 2.0.2.1 2001/10/11 23:06:01 mheins Exp $
#
# Copyright (C) 1996-2001 Red Hat, Inc. <interchange@redhat.com>
#
@@ -45,7 +45,7 @@
use vars qw/$VERSION/;
-$VERSION = substr(q$Revision: 2.0 $, 10);
+$VERSION = substr(q$Revision: 2.0.2.1 $, 10);
my $wantref = 1;
@@ -100,6 +100,9 @@
return 1;
}
else {
+ $name =~ s/\&/&/g;
+ $name =~ s/\[/[/g;
+ $name =~ s/\</</g;
display_special_page(find_special_page('missing'), $name);
return 0;
}
@@ -149,8 +152,8 @@
if ($c->{mv_more_matches}) {
$Vend::Session->{last_search} = "scan/MM=$c->{mv_more_matches}";
$Vend::More_in_progress = 1;
- $c->{mv_more_matches} =~ m/([a-zA-Z0-9])+/;
$c->{mv_more_id} = $CGI::values{mv_more_id} || undef;
+ $c->{mv_more_matches} =~ m/([a-zA-Z0-9])+/;
$c->{mv_cache_key} = $1;
$CGI::values{mv_nextpage} = $c->{mv_nextpage}
if ! defined $CGI::values{mv_nextpage};