Fixes: CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). From maintainer Ian McWilliam
$OpenBSD: patch-web_swat_c,v 1.7 2011/07/29 08:13:51 giovanni Exp $
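--- web/swat.c.orig Mon Jul 25 06:04:44 2011
+++ web/swat.c Thu Jul 28 20:12:15 2011
@@ -224,8 +224,10 @@ static int include_html(const char *fname)
 fd = web_open(fname, O_RDONLY, 0);
 
 if (fd == -1) {
- printf(_("ERROR: Can't open %s"), fname);
- printf("\n");
+ if (strcmp(fname, "help/welcome.html")) {
+ printf(_("ERROR: Can't open %s"), fname);
+ printf("\n");
+ }
 return 0;
 }
 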
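Review bot: The error branch kept inside the new `strcmp` guard still writes `fname` into the generated page through a bare `%s`, with no HTML escaping. The callers of include_html are outside this hunk, so it cannot be confirmed here that every name passed in is a compile-time constant; if any is derived from the request, the value should be HTML-escaped before it is printed. The guard itself would read more clearly as `if (strcmp(fname, "help/welcome.html") != 0) {`, preceded by a short comment stating why a missing welcome page is the one failure that is not reported, since nothing in the hunk explains the exemption. The body of include_html begins and ends outside the hunk.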