[interchange-cvs] interchange - heins modified lib/Vend/Page.pm
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Sun Mar 28 15:29:40 EST 2004
User: heins
Date: 2004-03-28 20:29:39 GMT
Modified: lib/Vend Page.pm
Log:
* Fix security hole which can expose arbitrary variable contents.
Revision Changes Path
2.17 +7 -6 interchange/lib/Vend/Page.pm
rev 2.17, prev_rev 2.16
Index: Page.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Page.pm,v
retrieving revision 2.16
retrieving revision 2.17
diff -u -r2.16 -r2.17
--- Page.pm 27 Dec 2003 01:08:33 -0000 2.16
+++ Page.pm 28 Mar 2004 20:29:39 -0000 2.17
@@ -1,6 +1,6 @@
# Vend::Page - Handle Interchange page routing
#
-# $Id: Page.pm,v 2.16 2003/12/27 01:08:33 jon Exp $
+# $Id: Page.pm,v 2.17 2004/03/28 20:29:39 mheins Exp $
#
# Copyright (C) 2002-2003 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
@@ -46,7 +46,7 @@
use vars qw/$VERSION/;
-$VERSION = substr(q$Revision: 2.16 $, 10);
+$VERSION = substr(q$Revision: 2.17 $, 10);
my $wantref = 1;
@@ -56,13 +56,14 @@
undef $Vend::write_redirect;
- $name =~ m/[\[<]/
+ $name =~ m/[\[<]|[\@_]_[A-Z]\w+_[\@_]|\@\@[A-Z]\w+\@\@/
and do {
::logGlobal(
"Security violation -- scripting character in page name '%s'.",
$name,
);
- $name = 'violation';
+ $name = find_special_page('violation');
+ 1 while $subject =~ s/[\@_]_/_/g;
};
$subject ||= 'unspecified error';
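Review bot: The `$subject` neutralization added as `1 while $subject =~ s/[\@_]_/_/g;` covers only the `__NAME__` and `@_NAME_@` forms that the widened denylist on the line above rejects in `$name`; a `@@NAME@@` token in `$subject` passes through untouched, because `[\@_]_` never matches two consecutive `@` characters. If `$subject` is later fed through the same variable expansion as page names (not visible in this hunk), extending the rewrite to `1 while $subject =~ s/\@\@|[\@_]_/_/g;` would close that gap. The denylist is repeated verbatim in the second hunk (`$name =~ m/[\[<]|[\@_]_[A-Z]\w+_[\@_]|\@\@[A-Z]\w+\@\@/`), so a single `my $SCRIPTING_RE = qr/[\[<]|[\@_]_[A-Z]\w+_[\@_]|\@\@[A-Z]\w+\@\@/;` declared once near `$wantref` and used at both sites would keep the two checks from drifting apart. The `[A-Z]\w+` stem also means a one-character name such as `__X__` is not rejected; whether the expansion code accepts such names is worth confirming. The enclosing subroutine begins before this hunk.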
@@ -90,13 +91,13 @@
$name ||= $CGI::values{mv_nextpage};
- $name =~ m/[\[<]/
+ $name =~ m/[\[<]|[\@_]_[A-Z]\w+_[\@_]|\@\@[A-Z]\w+\@\@/
and do {
::logGlobal(
"Security violation -- scripting character in page name '%s'.",
$name,
);
- $name = 'violation';
+ $name = find_special_page('violation');
return display_special_page($name);
};