1 See : http://www.cups.org/str.php?L4356 for details. |
2 |
3 Index: scheduler/client.c |
4 =================================================================== |
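--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -4251,6 +4251,14 @@
 return (0);
 
 /*
+ * Check for "<" or quotes in the path and reject since this is probably
+ * someone trying to inject HTML...
+ */
+
+ if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+ return (0);
+
+ /*
 * Check for "/.." in the path...
 */
 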
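Review bot: The test added ahead of the "/.." check is a blocklist of three characters, so it protects only as long as every place that echoes `path` into an HTML response is safe with everything it lets through (`>`, `&`, and percent-encoded forms if `path` has not been decoded by this point, which the hunk does not show). The durable fix is to HTML-escape the path where it is written into the response and to keep this check as defence in depth; the new comment should say so, e.g. `* Defence in depth only: any code that echoes the path into HTML must still escape it.`. The three `strchr` calls can also be a single scan, `if (strpbrk(path, "<\"'") != NULL)`, and logging the rejection would let operators see injection attempts instead of a silent `return (0)`. The enclosing function starts and ends outside the hunk.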