OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 23-Jan-2003 11:37:14
Branch: HEAD Handle: 2003012310371300
Modified files:
openpkg-web Makefile page.inc petidomo.cgi security.txt
Log:
flush pending changes
Summary:
Revision Changes Path
1.13 +1 -1 openpkg-web/Makefile
1.30 +1 -1 openpkg-web/page.inc
1.3 +10 -3 openpkg-web/petidomo.cgi
1.15 +1 -1 openpkg-web/security.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/Makefile
============================================================================
$ cvs diff -u -r1.12 -r1.13 Makefile
--- openpkg-web/Makefile 22 Jan 2003 13:12:53 -0000 1.12
+++ openpkg-web/Makefile 23 Jan 2003 10:37:13 -0000 1.13
@@ -46,7 +46,7 @@
wmk -f related.wml
support.html: support.wml
wmk -f support.wml
-security.html: security.wml
+security.html: security.wml security.txt
wmk -f security.wml
bugdb.html: bugdb.wml
wmk -f bugdb.wml
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/page.inc
============================================================================
$ cvs diff -u -r1.29 -r1.30 page.inc
--- openpkg-web/page.inc 22 Jan 2003 13:12:54 -0000 1.29
+++ openpkg-web/page.inc 23 Jan 2003 10:37:13 -0000 1.30
@@ -52,7 +52,7 @@
FONT,UL,OL,LI
FORM,INPUT,
BLOCKQUOTE,A,I,B,EM { font-family: helvetica,lucida,arial,sans-serif; }
-TT,CODE,SAMP,PRE { font-family: courier,courier-new,terminal,fixed,monospace;
font-size: 90%; }
+TT,CODE,SAMP,PRE { font-family: courier,courier-new,terminal,fixed,monospace;
font-size: 100%; }
A { text-decoration: none; font-weight: bold; }
A:link { text-decoration: none; font-weight: bold; color: #a09080; }
A:visited { text-decoration: none; font-weight: bold; color: #a09080; }
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/petidomo.cgi
============================================================================
$ cvs diff -u -r1.2 -r1.3 petidomo.cgi
--- openpkg-web/petidomo.cgi 22 Nov 2001 16:55:58 -0000 1.2
+++ openpkg-web/petidomo.cgi 23 Jan 2003 10:37:13 -0000 1.3
@@ -48,15 +48,22 @@
else {
$qs{$name} = $value;
}
+ # prevent cross side scripting (XSS) attacks
+ $qs{$name} =~ s/&/&/sg;
+ $qs{$name} =~ s/</</sg;
+ $qs{$name} =~ s/>/>/sg;
+ $qs{$name} =~ s/\(/(/sg;
+ $qs{$name} =~ s/\)/)/sg;
+ $qs{$name} =~ s/#/#/sg;
}
# check for parameter consistency
-die "You supplied to Email address."
+die "You supplied no Email address."
if ($qs{email} eq '');
die "Hmmm... <tt>your\@address.dom</tt> is certainly not correct, Dude."
if ($qs{email} eq '[EMAIL PROTECTED]');
die "Hmmm... <tt>$qs{email}</tt> doesn't look like a valid RFC822 mail address."
- if ($qs{email} !~ m|.+@.+|);
+ if ($qs{email} !~ m|^[a-zA-Z0-9_=%,.~+-]+@([a-zA-Z0-9]+)(\.[a-zA-Z0-9]+)*$|);
die "At least one list has to be selected."
if ($qs{list} eq '');
die "At least one action has to be selected."
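Review bot: The six substitutions added at the top of the hunk read as no-ops as shown (`s/&/&/sg`, `s/</</sg`, `s/>/>/sg`), which looks like the replacement side was entity-decoded by the archive; if the checked-in revision really has `s/&/&amp;/sg`, `s/</&lt;/sg`, `s/>/&gt;/sg` in that order the encoding is sound, but that should be confirmed against the file rather than the mail, since the `die` messages a few lines down echo `<tt>$qs{email}</tt>` to the browser and rely entirely on it. The new address pattern ends in `$`, which still accepts a trailing newline; `\z` pins the end of the string: `if ($qs{email} !~ m|^[a-zA-Z0-9_=%,.~+-]+@([a-zA-Z0-9]+)(\.[a-zA-Z0-9]+)*\z|);`. The `$qs{list}` and `$qs{action}` checks only reject empty values, so wherever those are echoed later they depend on the same escaping as the email field. The loop containing the substitutions begins before the hunk, so it is not visible here whether the escaping also covers the multi-value branch above the `else`.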
@@ -91,7 +98,7 @@
"Ok, the ingredients of the form were successfully parsed " .
"and forwarded to Petidomo via Email in the following format:" .
"<p>" .
- "<table cellpadding=5 bgcolor=\"#f0f0f0\"><tr><td>" .
+ "<table cellpadding=5 bgcolor=\"#e5e0d5\"><tr><td>" .
"<pre>$mail</pre>\n" .
"</td></tr></table>" .
"<p>" .
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/security.txt
============================================================================
$ cvs diff -u -r1.14 -r1.15 security.txt
--- openpkg-web/security.txt 22 Jan 2003 16:04:53 -0000 1.14
+++ openpkg-web/security.txt 23 Jan 2003 10:37:13 -0000 1.15
@@ -1,4 +1,4 @@
-22-Jan-2003: Security Advisory: S<OpenPKG-SA-2003.006-python>
+23-Jan-2003: Security Advisory: S<OpenPKG-SA-2003.006-python>
22-Jan-2003: Security Advisory: S<OpenPKG-SA-2003.005-php>
21-Jan-2003: Security Advisory: S<OpenPKG-SA-2003.004-cvs>
21-Jan-2003: Security Advisory: S<OpenPKG-SA-2003.003-vim>
@@ .