[Lxr-commits] CVS: lxr/lib/LXR Common.pm,1.63,1.64
From: Malcolm B. <mb...@us...> - 2010-01-15 23:23:30
Update of /cvsroot/lxr/lxr/lib/LXR In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv26224/lib/LXR Modified Files: Common.pm Log Message: Fix XSS exploit in title string Index: Common.pm =================================================================== RCS file: /cvsroot/lxr/lxr/lib/LXR/Common.pm,v retrieving revision 1.63 retrieving revision 1.64 diff -u -d -r1.63 -r1.64 --- Common.pm 5 Jan 2010 17:59:38 -0000 1.63 +++ Common.pm 15 Jan 2010 23:23:20 -0000 1.64 @@ -633,6 +633,8 @@ return $config->sourcerootname . ' identifier search' . ($i ? ": $i" : ''); } elsif ($who eq 'search') { my $s = $HTTP->{'param'}->{'string'}; + $s =~ s/</</g; + $s =~ s/>/>/g; return $config->sourcerootname . ' general search' . ($s ? ": $s" : ''); } } |
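Review bot: the two substitutions added on `$s` in the `search` branch cover only `<` and `>`, so `&` and quote characters from the `string` parameter still reach the title unescaped, and `$i` in the `identifier search` return just above is appended the same way with no escaping visible in this hunk. Suggest one HTML-escape helper that replaces `&` first, then `<`, `>` and `"`, and apply it to both `$i` and `$s` before they are concatenated into the title. As this archive renders the hunk, the replacement side of each `s///` is identical to its pattern; that is presumably an artifact of how the entities are displayed, but it is worth confirming against revision 1.64 of Common.pm.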