From: <de...@de...> - 2011-08-08 22:52:53
Author: PeterThoeny Date: 2011-08-08 17:52:47 -0500 (Mon, 08 Aug 2011) New Revision: 21924 Trac url: http://develop.twiki.org/trac/changeset/21924 Modified: twiki/branches/TWikiRelease05x00/SlideShowPlugin/lib/TWiki/Plugins/SlideShowPlugin.pm twiki/branches/TWikiRelease05x00/SlideShowPlugin/lib/TWiki/Plugins/SlideShowPlugin/SlideShow.pm Log: Item6789: Better error handling in SLIDESHOWSTART variable
Modified: twiki/branches/TWikiRelease05x00/SlideShowPlugin/lib/TWiki/Plugins/SlideShowPlugin/SlideShow.pm
===================================================================
--- twiki/branches/TWikiRelease05x00/SlideShowPlugin/lib/TWiki/Plugins/SlideShowPlugin/SlideShow.pm 2011-08-08 22:52:28 UTC (rev 21923)
+++ twiki/branches/TWikiRelease05x00/SlideShowPlugin/lib/TWiki/Plugins/SlideShowPlugin/SlideShow.pm 2011-08-08 22:52:47 UTC (rev 21924)
@@ -61,7 +61,8 @@
 # Build query string based on existingURL parameters
 my $qparams = '?slideshow=on;skin=print';
 foreach my $name ( $query->param ) {
- next if ( $name =~ /(text|keywords|web|topic|slideshow|skin|\#)/ );
+ next if ( $name =~ s/[^a-zA-Z0-9_\-]//go ); # Item6789: Santize parameter name
+ next if ( $name =~ /^(text|keywords|web|topic|slideshow|skin)$/ );
 $qparams .= ';' . $name . '=' . urlEncode( $query->param($name) );
 }
Modified: twiki/branches/TWikiRelease05x00/SlideShowPlugin/lib/TWiki/Plugins/SlideShowPlugin.pm
===================================================================
--- twiki/branches/TWikiRelease05x00/SlideShowPlugin/lib/TWiki/Plugins/SlideShowPlugin.pm 2011-08-08 22:52:28 UTC (rev 21923)
+++ twiki/branches/TWikiRelease05x00/SlideShowPlugin/lib/TWiki/Plugins/SlideShowPlugin.pm 2011-08-08 22:52:47 UTC (rev 21924)
@@ -21,7 +21,7 @@
 # =========================
 our $VERSION = '$Rev$';
-our $RELEASE = '2011-07-09';
+our $RELEASE = '2011-08-08';
 our $web;
 our $topic;
|
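Review bot: The first added line in the `foreach my $name` loop of SlideShow.pm uses a mutating `s///g` as a test, so a parameter whose name contains a character outside the allow-list is skipped, not sanitized as the comment says, and the stripped `$name` is never used. An anchored allow-list match states that intent without the side effect or the redundant `o` flag, and also rejects an empty name, which currently passes both checks and is appended as `;=value`: `next unless ( $name =~ /\A[a-zA-Z0-9_\-]+\z/ );    # Item6789: skip parameter names with unexpected characters`. The now-anchored exclusion list also changes which names are forwarded: names that merely contain `web`, `text` or `skin` were dropped before and are now copied into the query string, which is worth confirming as intended. The value side relies on `urlEncode`, whose body is not visible here, and the enclosing sub starts and ends outside the hunk.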