block cross-site scripting attacks (css)

submitted via bugtraq
Wolfram Schneider 2002-05-13 07:40:24 +00:00
parent fd866b541a
commit 984966d974
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=13062


@ -33,7 +33,7 @@
# BSDI Id: bsdi-man,v 1.2 1995/01/11 02:30:01 polk Exp # BSDI Id: bsdi-man,v 1.2 1995/01/11 02:30:01 polk Exp
# Dual CGI/Plexus mode and new interface by sanders@bsdi.com 9/22/1995 # Dual CGI/Plexus mode and new interface by sanders@bsdi.com 9/22/1995
# #
# $Id: man.cgi,v 1.69 2002-05-10 19:28:38 wosch Exp $ # $Id: man.cgi,v 1.70 2002-05-13 07:40:24 wosch Exp $
#use Data::Dumper; #use Data::Dumper;
#use Carp; #use Carp;
@ -744,10 +744,13 @@ sub decode_form {
$_ =~ s/%([\da-f]{1,2})/pack(C,hex($1))/eig; # undo % escapes $_ =~ s/%([\da-f]{1,2})/pack(C,hex($1))/eig; # undo % escapes
$key =~ s/%([\da-f]{1,2})/pack(C,hex($1))/eig; # undo % escapes $key =~ s/%([\da-f]{1,2})/pack(C,hex($1))/eig; # undo % escapes
$_ =~ s/[\r\n]+/\n\t/g if defined($indent); # indent data after \n $_ =~ s/[\r\n]+/\n\t/g if defined($indent); # indent data after \n
$data{$key} = $_; $data{$key} = &escape($_);
} }
} }
# block cross-site scripting attacks (css)
sub escape($) { $_ = $_[0]; s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; $_; }
sub dec { sub dec {
local($_) = @_; local($_) = @_;
@ -930,7 +933,7 @@ ETX
} }
sub copyright { sub copyright {
$id = '$Id: man.cgi,v 1.69 2002-05-10 19:28:38 wosch Exp $'; $id = '$Id: man.cgi,v 1.70 2002-05-13 07:40:24 wosch Exp $';
return qq{\ return qq{\
<PRE> <PRE>
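Review bot: The new `escape` sub added after `decode_form` rewrites `&`, `<` and `>` but leaves `"` and `'` untouched, so a form value that is later written inside a quoted HTML attribute could still close that attribute. Whether man.cgi emits values that way is not visible in this hunk and should be checked against the output code. Extending the chain with `s/"/&quot;/g; s/'/&#39;/g;` covers that context. Only the value passes through `escape`, while `$key` is decoded and used raw, and because the encoding happens at decode time every non-HTML consumer of `%data` now receives entity-encoded text. The sub also assigns to the global `$_`, whereas `dec` directly below uses `local($_) = @_;`, and the same form here would avoid clobbering the caller's `$_`.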