Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/cups/patches/str4356.patch
author Mohana Rao Gorai <mohana.gorai@oracle.com>
Mon, 13 Oct 2014 02:16:00 -0700
branchs11u2-sru
changeset 3389 b77a52ff5cfd
permissions -rw-r--r--
19276003 problem in UTILITY/CUPS

See : http://www.cups.org/str.php?L4356 for details.

Index: scheduler/client.c
===================================================================
--- scheduler/client.c
+++ scheduler/client.c
@@ -4251,6 +4251,14 @@
     return (0);
 
  /*
+  * Check for "<" or quotes in the path and reject since this is probably
+  * someone trying to inject HTML...
+  */
+
+  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+    return (0);
+
+ /*
   * Check for "/.." in the path...
   */
upstream/oracle/userland-gate