[interchange-cvs] interchange - heins modified lib/Vend/Parse.pm
interchange-core@interchange.redhat.com
interchange-core@interchange.redhat.com
Thu Oct 18 05:35:01 2001
User: heins
Date: 2001-10-18 09:34:30 GMT
Modified: lib/Vend Parse.pm
Log:
* More changes to close cross-site scripting vulnerability.
Revision Changes Path
2.4 +6 -4 interchange/lib/Vend/Parse.pm
rev 2.4, prev_rev 2.3
Index: Parse.pm
===================================================================
RCS file: /anon_cvs/repository/interchange/lib/Vend/Parse.pm,v
retrieving revision 2.3
retrieving revision 2.4
diff -u -r2.3 -r2.4
--- Parse.pm 2001/10/11 01:34:37 2.3
+++ Parse.pm 2001/10/18 09:34:29 2.4
@@ -1,6 +1,6 @@
# Vend::Parse - Parse Interchange tags
#
-# $Id: Parse.pm,v 2.3 2001/10/11 01:34:37 mheins Exp $
+# $Id: Parse.pm,v 2.4 2001/10/18 09:34:29 mheins Exp $
#
# Copyright (C) 1996-2001 Red Hat, Inc. <interchange@redhat.com>
#
@@ -35,7 +35,7 @@
@ISA = qw(Exporter Vend::Parser);
-$VERSION = substr(q$Revision: 2.3 $, 10);
+$VERSION = substr(q$Revision: 2.4 $, 10);
@EXPORT = ();
@EXPORT_OK = qw(find_matching_end);
@@ -130,7 +130,7 @@
total_cost 2
try 1
userdb 1
- value 2
+ value 1
value_extended 1
! );
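Review bot: The change from `value 2` to `value 1` is not explained by the log message, and the table's opening line is outside the hunk, so it is not visible which property of the `value` tag is being lowered. If this table is the count of positional parameters (an inference from the layout), pages that pass a second positional argument to the tag would have it silently ignored or parsed differently after this commit. The log entry or a comment above the table should say what the second slot was and why it was dropped as part of the cross-site scripting fix.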
@@ -1206,8 +1206,9 @@
return 1;
}
- $attr->{'decode'} = 1 unless defined $attr->{'decode'};
- $attr->{'reparse'} = 1 unless defined $NoReparse{$tag}
+ $attr->{enable_html} = 1 if $Vend::Cfg->{Promiscuous};
+ $attr->{decode} = 1 unless defined $attr->{'decode'};
+ $attr->{reparse} = 1 unless defined $NoReparse{$tag}
|| defined $attr->{'reparse'};
$attr->{'undef'} = undef;
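Review bot: The added `$attr->{enable_html} = 1 if $Vend::Cfg->{Promiscuous};` assigns unconditionally, so a tag that explicitly passes `enable_html=0` is overridden whenever the catalog-wide Promiscuous flag is on, while `decode` and `reparse` directly below keep a caller-supplied value through `unless defined`. If the per-tag setting is meant to win, guard it the same way: `$attr->{enable_html} = 1 if $Vend::Cfg->{Promiscuous} and ! defined $attr->{enable_html};`. The identical line is added again in the hunk at 1510, so both copies need the same change, or the default could be set in one shared helper. A short comment stating that Promiscuous switches HTML escaping off for every tag (presumably restoring the pre-fix behaviour) would make clear this is a deliberate opt-out from the XSS protection. The enclosing sub begins and ends outside the hunk.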
@@ -1509,7 +1510,8 @@
$self->{INVALID} += $p->{INVALID};
}
- $attr->{'reparse'} = 1
+ $attr->{enable_html} = 1 if $Vend::Cfg->{Promiscuous};
+ $attr->{reparse} = 1
unless (defined $NoReparse{$tag} || defined $attr->{'reparse'});
my ($routine,@args);