[interchange-cvs] interchange - kwalsh modified dist/standard/special_pages/missing.html
interchange-cvs at icdevgroup.org
Tue Feb 5 19:58:37 EST 2008
User: kwalsh
Date: 2008-02-06 00:58:36 GMT
Modified: dist/standard/special_pages missing.html
Log:
* Fixed a security bug where an attacker could craft a URI that
tricks Interchange into executing arbitrary Perl code. The Perl
code would be subject to the Safe constraints of course, but could
still be devastating to the security of the target website.
Revision Changes Path
1.4 +2 -1 interchange/dist/standard/special_pages/missing.html
rev 1.4, prev_rev 1.3
Index: missing.html
===================================================================
RCS file: /var/cvs/interchange/dist/standard/special_pages/missing.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- missing.html 14 Feb 2007 05:42:31 -0000 1.3
+++ missing.html 6 Feb 2008 00:58:36 -0000 1.4
@@ -1,4 +1,5 @@
-[if type=explicit compare="q{[subject]} =~ m{^admin/}"]
+[tmpn missing_subject][subject][/tmpn]
+[if scratch missing_subject =~ /^admin/]
[seti ui_error]<h2>[msg arg.0="[subject]"]Sorry, the page (%s) was not found[/msg]</h2>[/seti]
[bounce page=admin/error]
[else]
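Review bot: The new test "[if scratch missing_subject =~ /^admin/]" drops the trailing slash that the old pattern "m{^admin/}" had, so a missing page whose name only begins with "admin" (no slash after it) now also takes the [bounce page=admin/error] branch. If that widening is not intended, keep the slash in the pattern (escaped, or with another delimiter if the tag parser accepts one), or say in the log message that the change is deliberate. Separately, the unchanged [seti ui_error] line still interpolates [subject] directly into the <h2> markup through arg.0. Since the log message describes the subject as coming from an attacker-crafted URI, it would be worth reading the value from the missing_subject scratch variable there as well and HTML-encoding it before it reaches the error page.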