Fix cross-site scripting vulnerablity.

This problem was reported at www.jp.FreeBSD.org, which uses almost the
same CGI script as www.FreeBSD.org.
Motoyuki Konno 2002-05-08 05:42:25 +00:00
parent b51e85cdc3
commit b7cf1bf61d
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=13002


@ -43,9 +43,9 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. # SUCH DAMAGE.
# #
# $Id: cvsweb.cgi,v 1.80 2002-04-11 01:55:34 fenner Exp $ # $Id: cvsweb.cgi,v 1.81 2002-05-08 05:42:25 motoyuki Exp $
# $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $ # $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $
# $FreeBSD: www/en/cgi/cvsweb.cgi,v 1.79 2002/04/10 20:26:27 knu Exp $ # $FreeBSD: www/en/cgi/cvsweb.cgi,v 1.80 2002/04/11 01:55:34 fenner Exp $
# #
### ###
@ -230,7 +230,7 @@ $LOG_REVSEPARATOR = q/^-{28}$/;
); );
$cgi_style::hsty_base = 'http://www.FreeBSD.org'; $cgi_style::hsty_base = 'http://www.FreeBSD.org';
$_ = q$FreeBSD: www/en/cgi/cvsweb.cgi,v 1.79 2002/04/10 20:26:27 knu Exp $; $_ = q$FreeBSD: www/en/cgi/cvsweb.cgi,v 1.80 2002/04/11 01:55:34 fenner Exp $;
@_ = split; @_ = split;
$cgi_style::hsty_date = "@_[3,4]"; $cgi_style::hsty_date = "@_[3,4]";
@ -1408,7 +1408,7 @@ sub fatal($$) {
print "Status: $errcode\r\n"; print "Status: $errcode\r\n";
} }
html_header("Error"); html_header("Error");
print "Error: $errmsg\n"; print "Error: " . htmlquote($errmsg) . "\n";
print &html_footer; print &html_footer;
exit(1); exit(1);
} }
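Review bot: Escaping `$errmsg` inside `fatal()` makes the message a plain-text contract that the code does not state, so a caller that deliberately passes markup in the message would now see it rendered literally, and any other print path that echoes request-derived values is not covered by this change. I would add a comment above the print, `# $errmsg is plain text and is HTML-escaped here; callers must not pass markup`, and check the remaining places that print path or query values against the same `htmlquote()` rule. The `print "Status: $errcode\r\n";` line above is still interpolated raw; callers presumably pass fixed status strings, but that is worth confirming, since a CR/LF in that value would split the response header. The body of `fatal()` starts before this hunk, so its callers and the origin of both arguments are not visible here.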