[interchange-cvs] interchange - kwalsh modified
dist/standard/special_pages/missing.html
interchange-cvs at icdevgroup.org
Tue Feb 5 19:58:39 EST 2008
User: kwalsh
Date: 2008-02-06 00:58:38 GMT
Modified: dist/standard/special_pages Tag: STABLE_5_4-branch
Modified: missing.html
Log:
* Fixed a security bug where an attacker could craft a URI that
tricks Interchange into executing arbitrary Perl code. The Perl
code would be subject to the Safe constraints of course, but could
still be devastating to the security of the target website.
Revision Changes Path
No revision
1.1.1.1.2.2 +2 -1 interchange/dist/standard/special_pages/missing.html
rev 1.1.1.1.2.2, prev_rev 1.1.1.1.2.1
Index: missing.html
===================================================================
RCS file: /var/cvs/interchange/dist/standard/special_pages/missing.html,v
retrieving revision 1.1.1.1.2.1
retrieving revision 1.1.1.1.2.2
diff -u -r1.1.1.1.2.1 -r1.1.1.1.2.2
--- missing.html 24 Jun 2006 16:07:24 -0000 1.1.1.1.2.1
+++ missing.html 6 Feb 2008 00:58:38 -0000 1.1.1.1.2.2
@@ -1,4 +1,5 @@
-[if type=explicit compare="q{[subject]} =~ m{^admin/}"]
+[tmpn missing_subject][subject][/tmpn]
+[if scratch missing_subject =~ /^admin/]
[seti ui_error]<h2>[msg arg.0="[subject]"]Sorry, the page (%s) was not found[/msg]</h2>[/seti]
[bounce page=admin/error]
[else]
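Review bot: The unchanged `[seti ui_error]` line still expands `[subject]` directly inside `[msg arg.0="[subject]"]`, so the request-derived value that this change moves out of the `[if]` condition is still interpolated raw into a tag attribute and then into the `<h2>` set for admin/error. It is worth confirming that a subject containing a double quote, a bracket or markup cannot end the attribute early or be reflected unescaped; reusing the `missing_subject` scratch value on that line, HTML-encoded before output, would give the page a single handling path for the value. Separately, the new test `/^admin/` drops the trailing slash that the old `m{^admin/}` required, so any subject that merely begins with "admin" now bounces to admin/error as well; if that is not intended, keep the (escaped) slash in the pattern. A short comment above the `[tmpn]` line saying why the value goes through scratch instead of being embedded in the condition would help keep the old form from being reintroduced.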