components/cups/patches/str4356.patch
author shreya.jain@oracle.com <shreya.jain@oracle.com>
Tue, 08 Nov 2016 13:32:39 -0800
changeset 7269 727c4eb5cc2e
parent 2108 6145b31310ca
permissions -rw-r--r--
25035075 docker should allow only uid:gid assignments via --user

See http://www.cups.org/str.php?L4356 for details.

Index: scheduler/client.c
===================================================================
--- scheduler/client.c
+++ scheduler/client.c
@@ -4251,6 +4251,14 @@
     return (0);
 
  /*
+  * Check for "<" or quotes in the path and reject since this is probably
+  * someone trying to inject HTML...
+  */
+
+  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+    return (0);
+
+ /*
   * Check for "/.." in the path...
   */
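Review bot: The added test `if (strchr(path, '<') != NULL || ...)` is a character denylist on the request path, so it only rejects the three literal bytes it names. The hunk does not show whether `path` has already been percent-decoded at this point, so confirm that it has and state it in the comment, e.g. `* (path is already URL-decoded here; output escaping is still required.)`. The durable mitigation is to HTML-escape the path wherever it is written into a response, with this check kept as defence in depth. Two style points: `'\"'` can be written `'"'`, and the re-opened comment line `+ /*` is indented one column less than the surrounding `  /*`. The enclosing function starts and ends outside the hunk.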