From: Dan L. <da...@la...> - 2001-10-12 18:01:48
I have just committed a fix to the php-wrapper. This may or may not have been a potential exploit. The fix prevents people from including arbitrary HTML or PHP code in their search string. The fix strips such tags from the input string.

To test the exploit, try entering an IMG html tag into your search field, such as <img src=http://www.htdig.org/htdig_big.gif>. If you see:

    There were no matches for [IMAGE] found on the website.

where [IMAGE] is the htDig image, then you have not patched your system.

--
Dan Langille
The FreeBSD Diary - http://freebsddiary.org/ - practical examples
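The behaviour described in the message above, as an added example that is not part of the original post and is not the php-wrapper's own code: an unescaped "no matches" message beside a tag-stripping version and an output-encoding version. All function names, the `words` field name and the second sample input are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not taken from the php-wrapper.

// "Before": the search string is echoed into the results page unchanged,
// so any markup in the query is rendered by the visitor's browser.
function no_match_message_unpatched(string $words): string
{
    return "There were no matches for $words found on the website.";
}

// Tag stripping, the approach the message describes for the committed fix.
function no_match_message_stripped(string $words): string
{
    return 'There were no matches for ' . strip_tags($words) . ' found on the website.';
}

// Output encoding: the query is displayed back literally instead of being
// altered, and quotes are encoded as well as angle brackets.
function no_match_message_encoded(string $words): string
{
    $safe = htmlspecialchars($words, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "There were no matches for $safe found on the website.";
}

// Echoing the query back into the search box is an attribute context:
// strip_tags() leaves quotes untouched, so encoding is what keeps the
// value inside the attribute.
function search_box(string $words): string
{
    $safe = htmlspecialchars($words, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="words" value="' . $safe . '">';
}

// Inputs: the test string from the message, plus a constructed query with quotes.
$samples = [
    '<img src=http://www.htdig.org/htdig_big.gif>',
    'freebsd "ports" <b>tree</b>',
];

foreach ($samples as $q) {
    echo "input:     $q\n";
    echo "unpatched: ", no_match_message_unpatched($q), "\n";
    echo "stripped:  ", no_match_message_stripped($q), "\n";
    echo "encoded:   ", no_match_message_encoded($q), "\n";
    echo "form:      ", search_box($q), "\n\n";
}
```

Run from the command line, the first sample shows the three outcomes side by side: the raw tag in the unpatched output, an empty search term after stripping, and the tag shown as literal text after encoding.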