19276003 problem in UTILITY/CUPS
author Mohana Rao Gorai <mohana.gorai@oracle.com>
Tue, 23 Sep 2014 22:10:27 -0700
changeset 2108 6145b31310ca
parent 2107 1cda4e19a209
child 2109 ed516b43cefc
19276003 problem in UTILITY/CUPS
components/cups/patches/str4356.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/cups/patches/str4356.patch	Tue Sep 23 22:10:27 2014 -0700
@@ -0,0 +1,21 @@
+See : http://www.cups.org/str.php?L4356 for details.
+
+Index: scheduler/client.c
+===================================================================
+--- scheduler/client.c
++++ scheduler/client.c
+@@ -4251,6 +4251,14 @@
+     return (0);
+ 
+  /*
++  * Check for "<" or quotes in the path and reject since this is probably
++  * someone trying to inject HTML...
++  */
++
++  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
++    return (0);
++
++ /*
+   * Check for "/.." in the path...
+   */
+
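Review bot: The new test in scheduler/client.c, `if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)`, only matches the literal bytes, and nothing in the visible context shows whether `path` has already been percent-decoded at this point. Please confirm the check runs on the decoded path, or add a note in the comment stating that it does, so the filter and the later "/.." check operate on the same form of the string. The comment describes this as a guard against HTML injection, but a three-character denylist is a stopgap; the code that reflects `path` into a response should also escape it on output, and that is worth stating in the patch description. The rejection is a silent `return (0);`, so a log line at this branch would give operators something to detect probing with. Finally, the patch file header carries only the STR URL; add a one-line summary of the issue and whether this is taken unchanged from upstream, so the patch can be dropped cleanly when the component is updated.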