Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/cups/patches/str4356.patch
author Vladimir Marek <Vladimir.Marek@oracle.com>
Tue, 19 Jul 2016 15:32:04 +0200
branchs11u3-sru
changeset 6459 535eb53d63d5
parent 3387 37e41c9fcb4f
permissions -rw-r--r--
23856628 problem in UTILITY/PERL

See : http://www.cups.org/str.php?L4356 for details.

Index: scheduler/client.c
===================================================================
--- scheduler/client.c
+++ scheduler/client.c
@@ -4251,6 +4251,14 @@
     return (0);
 
  /*
+  * Check for "<" or quotes in the path and reject since this is probably
+  * someone trying to inject HTML...
+  */
+
+  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+    return (0);
+
+ /*
   * Check for "/.." in the path...
   */
upstream/oracle/userland-gate