[Lxr-commits] CVS: lxr/lib/LXR Common.pm,1.62,1.63
From: Malcolm B. <mb...@us...> - 2010-01-05 17:59:47
Update of /cvsroot/lxr/lxr/lib/LXR In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv9367/lib/LXR Modified Files: Common.pm Log Message: Fix bug in clean_identifier It wasn't cleaning the identifier properly, leaving a security hole Index: Common.pm =================================================================== RCS file: /cvsroot/lxr/lxr/lib/LXR/Common.pm,v retrieving revision 1.62 retrieving revision 1.63 diff -u -d -r1.62 -r1.63 --- Common.pm 10 May 2009 11:54:29 -0000 1.62 +++ Common.pm 5 Jan 2010 17:59:38 -0000 1.63 @@ -526,9 +526,13 @@ } sub clean_identifier { + # Cleans up the identifier parameter + # Result should be HTML-safe and a valid identifier in + # any supported language... + # Well, not Lisp symbols since they can contain anything my $id = shift; - $id =~ s/(^[\w`:.,]+).*/$1/ if defined $id; + $id =~ s/[^\w`:.,\-_ ]//g if defined $id; return $id; } |
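Review bot: The new character class in clean_identifier, `[^\w`:.,\-_ ]`, still passes the backtick and the space through, yet the added comment promises a result that is both HTML-safe and a valid identifier. Angle brackets, quotes and `&` are removed, so the claim holds for HTML text and quoted attribute values, but the comment should say which output contexts it covers, since a backtick or space is not inert everywhere the identifier might later be interpolated (an unquoted attribute, a shell command line). If no supported language needs them, drop them from the class. The `_` is already matched by `\w` and can go. The change also switches from truncating at the first disallowed character to deleting disallowed characters and joining what remains, so an input such as `foo<bar` is now looked up as `foobar`. If that is intended, say so in the comment. Otherwise, returning undef for an input that contains a disallowed character would be easier to reason about than silently rewriting it.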