Close of build 117.
See : http://www.cups.org/str.php?L4356 for details.
Index: scheduler/client.c
===================================================================
--- scheduler/client.c
+++ scheduler/client.c
@@ -4251,6 +4251,14 @@
return (0);
/*
+ * Check for "<" or quotes in the path and reject since this is probably
+ * someone trying to inject HTML...
+ */
+
+ if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+ return (0);
+
+ /*
* Check for "/.." in the path...
*/