Diffstat (limited to 'app-text/info2html/files/info2html-2.0-xss.patch')
-rw-r--r-- | app-text/info2html/files/info2html-2.0-xss.patch | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/app-text/info2html/files/info2html-2.0-xss.patch b/app-text/info2html/files/info2html-2.0-xss.patch
deleted file mode 100644
index a2254bdbbe2b..000000000000
--- a/app-text/info2html/files/info2html-2.0-xss.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-diff -u info2html-2.0-orig/info2html info2html-2.0/info2html
---- info2html-2.0-orig/info2html 2006-09-01 14:55:13.000000000 +0200
-+++ info2html-2.0/info2html 2006-09-01 15:05:41.000000000 +0200
-@@ -42,7 +42,7 @@
-
- use CGI;
- $ENV{'REQUEST_METHOD'} or
-- print "Note: I'm really supposed to be run as a CGI!\n";
-+ print "Note: I'm really supposed to be run as a CGI\!\n";
-
- #-- patterns
- $NODEBORDER = '\037\014?'; #-- delimiter of an info node
-@@ -62,7 +62,7 @@
- #---------------------------------------------------------
- # Don't reveal where we're looking... --jonh 5/20/97 (and reapplied 5/4/1998)
- sub DieFileNotFound{
-- local($FileName) = @_;
-+ local($FileName) = &XssEscape(@_);
- #-- TEXT : error message if a file could not be opened
- print <<"EOF";
- <html><head><title>Info Files - Error Message</title>
-@@ -104,6 +104,28 @@
- }
-
- #----------------------------------------------------------
-+# XssEscape
-+#----------------------------------------------------------
-+sub XssEscape {
-+ local($Tag) = @_;
-+ #-- output escaping is required to protect browser
-+ # against `cross site' and `cross frame scripting'
-+
-+ $Tag =~ s/&/&/gs; # ampersand
-+ $Tag =~ s/#/#/gs;
-+ $Tag =~ s/;/;/gs;
-+ $Tag =~ s/[\000-\037\177-\237]/¿/gs; # "ctrl" codes 0-31 and 127-159
-+ $Tag =~ s/</</gs; # less-than symbol
-+ $Tag =~ s/>/>/gs; # greater-than symbol
-+ $Tag =~ s/"/"/gs; # double quote
-+ $Tag =~ s/\240/ /gs; # non-breaking space
-+ $Tag =~ s/\255/­/gs; # soft hyphen
-+ # the rest is interpreted
-+ # as ISO 8859-1
-+ $Tag;
-+}
-+
-+#----------------------------------------------------------
- # ParsHeaderToken
- #----------------------------------------------------------
- # Parses the heaer line of an info node for a specific
-@@ -493,6 +515,8 @@
- #----------------------------------------------------------
- sub ReplyNotFoundMessage{
- local($FileName,$Tag) = @_;
-+ $FileName = &XssEscape($FileName);
-+ $Tag = &XssEscape($Tag);
- print <<"EOF";
- <html><head><title>Info Files - Error Message</title>
- $BOTS_STAY_AWAY
-Only in info2html-2.0: info2html.orig
-Only in info2html-2.0: info2html.rej |