[qmailadmin-cvs] qmailadmin ChangeLog, 1.15.2.111, 1.15.2.112 template.c, 1.7.2.16, 1.7.2.17

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/qmailadmin/qmailadmin
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv25164

Modified Files:
      Tag: stable-1_2
	ChangeLog template.c 
Log Message:
fix for XSS hole in template.c

Index: template.c
===================================================================
RCS file: /cvsroot/qmailadmin/qmailadmin/template.c,v
retrieving revision 1.7.2.16
retrieving revision 1.7.2.17
diff -u -d -r1.7.2.16 -r1.7.2.17

--- template.c	8 Jan 2008 04:45:01 -0000	1.7.2.16
+++ template.c	6 Feb 2009 05:30:05 -0000	1.7.2.17
@@ -272,7 +272,7 @@
           /* show returnhttp (from TmpCGI) */
           case 'H':
             GetValue (TmpCGI, value, "returnhttp=", sizeof(value));
-            printh ("%H", value);
+            printh ("%C", value);
             break;
 
           /* show the counts */
@@ -456,7 +456,7 @@
             GetValue (TmpCGI, value, "returntext=", sizeof(value));
             GetValue (TmpCGI, value2, "returnhttp=", sizeof(value2));
             if (*value != '\0') {
-              printh ("<A HREF=\"%s\">%H</A>", value2, value);
+              printh ("<A HREF=\"%C\">%H</A>", value2, value);
             }
             break;
 
@@ -620,7 +620,7 @@
           case 'x':
             strcpy (value, get_session_val("returntext="));
             if(strlen(value) > 0) {
-               printh("<a href=\"%s\">%H", get_session_val("returnhttp="), value);
+               printh("<a href=\"%C\">%H", get_session_val("returnhttp="), value);
             } else {
                printh("<a href=\"%s\">%s", cgiurl("logout"), html_text[218]);
             }
@@ -629,12 +629,12 @@
 
           /* returnhttp */
           case 'y':
-            printf("%s", get_session_val("returnhttp=")); 
+            printh("%C", get_session_val("returnhttp=")); 
             break; 
 
           /* returntext */
           case 'Y':
-            printf("%s", get_session_val("returntext=")); 
+            printh("%H", get_session_val("returntext=")); 
             break;
          
           /* send the image URL directory */

Index: ChangeLog
===================================================================
RCS file: /cvsroot/qmailadmin/qmailadmin/ChangeLog,v
retrieving revision 1.15.2.111
retrieving revision 1.15.2.112
diff -u -d -r1.15.2.111 -r1.15.2.112
--- ChangeLog	8 Jan 2008 04:45:01 -0000	1.15.2.111
+++ ChangeLog	6 Feb 2009 05:30:05 -0000	1.15.2.112
@@ -6,6 +6,8 @@
 	Tom Collins
 	- qmailadmin.c: check return value of setuid() and setgid() and 
 	  exit if either fail (security issue reported by Miguel Lourenco).
+	- template.c: fix for potential XSS (cross-site scripting) hole
+	  in the login page (reported by Michael Middleton).
 
 	Chaz Owensby
 	- Report disk usage to non-admin user on their Modify User page.



