Hello Amaya,
Amaya wrote (Tue 2007-Jan-02 12:21):
> Can you confirm that this patch fixes this issue? Any testing is greatly appreciated, as the main maintainer is on holiday and I have limited time + resources to actually test this.

Sorry for the delay. I was sort of waiting for an inspiration on how to compile and test until I realised that we're talking Perl here...

Attached is a tested patch against the twiki version currently in testing. It not only extends the error message but also escapes text which has been given/entered/posted(*) by the bad guy and is sent back to a web browser.

Let's hope this helps some poor soul more than Sven might not like it...

Cheers,
Marcus

(*) I have no idea where the bad value might actually come from.

--
Marcus C. Gottwald
Quantum Hydrometrie GmbH, Zossener Str. 55, 10961 Berlin, Germany
Tel: +49.(0)30.698110-0, Fax: +49.(0)30.698110-99
eMail: <[EMAIL PROTECTED]>
Web: http://www.quantum-hydrometrie.de

--- /usr/share/perl5/TWiki.pm_1:4.0.5-6 2006-12-22 17:43:37.000000000 +0100 +++ /usr/share/perl5/TWiki.pm 2007-01-05 15:25:55.993842695 +0100 @@ -728,7 +728,7 @@ def => 'topic_access', web => $this->{web} || $TWiki::cfg{UsersWebName}, topic => $this->{topic} || $TWiki::cfg{HomeTopicName}, - params => [ 'redirect', 'unsafe redirect to '.$url ]); + params => [ 'redirect', 'unsafe redirect to '.entityEncode($url).': <strong>"'.entityEncode($host).'" does not match configured <nop>DefaultUrlHost</strong>' ]); } }
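
Review bot: The new `params` line uses `$host`, which none of the visible context lines define, so please confirm it is already set in the enclosing block before the message is built; if it is not, the error text would show an empty host or the module would fail to compile under `use strict`. Encoding both `$url` and `$host` with `entityEncode()` before they are sent back to the browser is the right move, but the literal `<strong>` and `<nop>` markup now sits in the same parameter as the encoded values, so it is worth checking that whatever renders this `params` entry does not encode it a second time, otherwise the markup and the entities would appear as literal text. A short comment above the line noting that both values can come from the request and must stay encoded would help whoever edits this message next.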