[interchange-cvs] interchange - racke modified lib/Vend/Page.pm
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Mon Mar 29 11:32:30 EST 2004
User: racke
Date: 2004-03-29 16:32:27 GMT
Modified: lib/Vend Tag: STABLE_4_8-branch Page.pm
Log:
added missing pieces from 5.0 to ensure that security fix really works
Revision Changes Path
No revision
No revision
2.0.2.7 +6 -5 interchange/lib/Vend/Page.pm
rev 2.0.2.7, prev_rev 2.0.2.6
Index: Page.pm
===================================================================
RCS file: /anon_cvs/repository/interchange/lib/Vend/Page.pm,v
retrieving revision 2.0.2.6
retrieving revision 2.0.2.7
diff -u -r2.0.2.6 -r2.0.2.7
--- Page.pm 28 Mar 2004 20:34:35 -0000 2.0.2.6
+++ Page.pm 29 Mar 2004 16:32:27 -0000 2.0.2.7
@@ -1,6 +1,6 @@
# Vend::Page - Handle Interchange page routing
#
-# $Id: Page.pm,v 2.0.2.6 2004/03/28 20:34:35 mheins Exp $
+# $Id: Page.pm,v 2.0.2.7 2004/03/29 16:32:27 racke Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. and
# Interchange Development Group, http://www.icdevgroup.org/
@@ -46,7 +46,7 @@
use vars qw/$VERSION/;
-$VERSION = substr(q$Revision: 2.0.2.6 $, 10);
+$VERSION = substr(q$Revision: 2.0.2.7 $, 10);
my $wantref = 1;
@@ -60,7 +60,7 @@
"Security violation -- scripting character in page name '%s'.",
$name,
);
- $name = 'violation';
+ $name = find_special_page('violation');
1 while $subject =~ s/[\@_]_/_/g;
};
@@ -84,17 +84,18 @@
my($name) = @_;
my($page);
+ $name ||= $CGI::values{mv_nextpage};
+
$name =~ m/[\[<]|[\@_]_[A-Z]\w+_[\@_]|\@\@[A-Z]\w+\@\@/
and do {
::logGlobal(
"Security violation -- scripting character in page name '%s'.",
$name,
);
- $name = 'violation';
+ $name = find_special_page('violation');
return display_special_page($name);
};
- $name = $CGI::values{mv_nextpage} unless $name;
#::logDebug("display_page: $name");
if($Vend::Cfg->{ExtraSecure} and
$Vend::Cfg->{AlwaysSecure}->{$name}
More information about the interchange-cvs
mailing list