Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/cups/patches/str4356.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Thu, 26 Jan 2017 16:44:14 -0800
changeset 7617 14b1a4293086
parent 2108 6145b31310ca
permissions -rw-r--r--
Close of build 117.

See : http://www.cups.org/str.php?L4356 for details.

Index: scheduler/client.c
===================================================================
--- scheduler/client.c
+++ scheduler/client.c
@@ -4251,6 +4251,14 @@
     return (0);
 
  /*
+  * Check for "<" or quotes in the path and reject since this is probably
+  * someone trying to inject HTML...
+  */
+
+  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+    return (0);
+
+ /*
   * Check for "/.." in the path...
   */
upstream/oracle/userland-gate