cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4394fcc290
openbsd-ports/sysutils/backuppc/patches/patch-lib_BackupPC_CGI_View_pm
jasper df36465803 Security fix for SA46615 
BackupPC "num" Cross-Site Scripting Vulnerability

patch taken from ubuntu
2011-10-28 21:56:56 +00:00

29 lines
965 B
Plaintext
Raw Blame History

$OpenBSD: patch-lib_BackupPC_CGI_View_pm,v 1.2 2011/10/28 21:56:57 jasper Exp $
First chunk:
Security fix for SA46615
BackupPC "num" Cross-Site Scripting Vulnerability
From http://patches.ubuntu.com/b/backuppc/backuppc_3.2.1-1ubuntu2.patch
--- lib/BackupPC/CGI/View.pm.orig Mon Apr 25 05:31:55 2011
+++ lib/BackupPC/CGI/View.pm Fri Oct 28 23:54:56 2011
@@ -46,7 +46,7 @@ sub action
my $compress = 0;
my $fh;
my $host = $In{host};
- my $num = $In{num};
+ my $num = ${EscHTML($In{num})};
my $type = $In{type};
my $linkHosts = 0;
my($file, $comment);
@@ -86,7 +86,7 @@ sub action
$file = $bpc->ConfDir() . "/hosts";
$linkHosts = 1;
} elsif ( $type eq "docs" ) {
- $file = $bpc->InstallDir() . "/doc/BackupPC.html";
+ $file = $bpc->InstallDir() . "/share/doc/backuppc/BackupPC.html";
} elsif ( $host ne "" ) {
if ( !defined($In{num}) ) {
# get the latest LOG file
Reference in New Issue View Git Blame Copy Permalink