-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have just committed a fix to the php-wrapper.  This may or may not
have been a potential exploit.  The fix prevents people from including
arbitrary HTML or PHP code in their search string.  The fix
strips such tags from the input string.

To test the exploit, try entering an IMG html tag into your
search field, such as <img src=http://www.htdig.org/htdig_big.gif>.

If you see:

 There were no matches for [IMAGE] found on the website.

where [IMAGE] is the htDig image, then you have not patched
your system.
- -- 
Dan Langille
The FreeBSD Diary - http://freebsddiary.org/ - practical examples


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8 -- QDPGP 2.61c
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBO8cv+QoLFxTP+508EQLRdQCg4+FE7xo/NxM+TpvS/0gyT9LYYTYAoOCM
bV1/W/eESdonK1V4rIfoebth
=m89W
-----END PGP SIGNATURE-----

_______________________________________________
htdig-dev mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/htdig-dev
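
An added illustration of the fix and the test described in the message above; it is not code from the htdig php-wrapper or from the message's author, and the function names are hypothetical. The HTML-encoding step after `strip_tags` goes beyond what the message describes.

```php
<?php
// Added illustration; not the htdig php-wrapper source.
// All function names here are hypothetical.

// Before: the search words are placed in the page exactly as submitted,
// so markup in the query becomes markup in the response.
function no_match_message_unpatched(string $words): string
{
    return "There were no matches for $words found on the website.";
}

// After: strip tags from the input, as the message describes, then
// HTML-encode what is left so stray <, >, & and quotes render as text.
function no_match_message_patched(string $words): string
{
    $clean = strip_tags($words);
    $clean = htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "There were no matches for $clean found on the website.";
}

// The check from the message: does the response contain an IMG element?
function renders_image(string $html): bool
{
    return preg_match('/<img\b/i', $html) === 1;
}

$cases = [
    // Test string quoted in the message.
    'test string from the message' => '<img src=http://www.htdig.org/htdig_big.gif>',
    // Constructed inputs to show ordinary queries still display.
    'ordinary query (constructed)' => 'freebsd ports',
    'query with a bare < (constructed)' => 'a < b',
];

$renderers = [
    'unpatched' => 'no_match_message_unpatched',
    'patched'   => 'no_match_message_patched',
];

foreach ($cases as $label => $words) {
    foreach ($renderers as $name => $fn) {
        $out = $fn($words);
        $img = renders_image($out) ? 'yes' : 'no';
        printf("%-34s %-10s image=%-3s %s\n", $label, $name, $img, $out);
    }
}
```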
