Update of /cvs/scoop/scoop/lib/Scoop
In directory lithium.sabren.com:/tmp/cvs-serv30231/lib/Scoop
Modified Files:
Comments.pm Search.pm Static.pm Tags.pm Utility.pm
Log Message:
Committing XSS (and some others janra found, as I recall) security fixes
and some stuff found in the K5 upgrade. -j
Index: Utility.pm
===================================================================
RCS file: /cvs/scoop/scoop/lib/Scoop/Utility.pm,v
retrieving revision 1.36
retrieving revision 1.37
diff -C2 -d -r1.36 -r1.37
*** Utility.pm 8 Feb 2006 03:42:02 -0000 1.36
--- Utility.pm 6 Aug 2006 04:22:45 -0000 1.37
***************
*** 1143,1145 ****
--- 1143,1157 ----
}
+ =item $S->filter_param($val);
+
+ Pass through function to $S->filter_subject() to filter out user input.
+
+ =cut
+
+ sub filter_param {
+ my $S = shift;
+ my $val = shift;
+ return $S->filter_subject($val);
+ }
+
1;
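Review bot: `filter_param` introduces a name but no contract of its own: the POD above it says only that it passes through to `filter_subject`, so a reader cannot tell which output context the returned value is safe for, yet this commit makes it the sole sanitizer for a value that goes on to `js_quote` (Comments.pm) and for the numeric `count` parameter (Search.pm). The `=item` should state what `filter_subject` actually does to `$val` (what it escapes or strips, and how it treats an undefined argument) and which contexts it does not cover, along the lines of `Returns $val filtered by $S->filter_subject() for use in HTML text; it is not a JavaScript or SQL quoting step, so callers must still quote for those contexts.` — with the wording checked against `filter_subject`, which is not in this diff. A one-line comment saying why a separate name exists (presumably so parameter filtering can diverge from subject filtering later) would also help the next maintainer.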
Index: Comments.pm
===================================================================
RCS file: /cvs/scoop/scoop/lib/Scoop/Comments.pm,v
retrieving revision 1.134
retrieving revision 1.135
diff -C2 -d -r1.134 -r1.135
*** Comments.pm 13 Mar 2006 07:49:59 -0000 1.134
--- Comments.pm 6 Aug 2006 04:22:45 -0000 1.135
***************
*** 252,255 ****
--- 252,256 ----
my $loading_message = $S->js_quote($S->{UI}->{BLOCKS}->{dynamic_loading_message});
my $rootdir = $S->js_quote($S->{UI}->{VARS}->{rootdir} . '/');
+ $sid = $S->filter_param($sid);
my $sidesc = $S->js_quote($sid);
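Review bot: The added line overwrites `$sid` in place, so every later use of `$sid` in the enclosing sub (which continues outside the hunk) now sees the filtered value rather than the original story id; if the id is used afterwards as a lookup key, an id that the filter altered would silently fail to match. The filtered form is only needed for the `js_quote` call on the next line, so keep it local to that use: `my $sidesc = $S->js_quote($S->filter_param($sid));` and drop the reassignment. If the rest of the sub is meant to see the filtered id, a comment saying so would make that deliberate.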
Index: Static.pm
===================================================================
RCS file: /cvs/scoop/scoop/lib/Scoop/Static.pm,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** Static.pm 14 May 2003 19:46:51 -0000 1.9
--- Static.pm 6 Aug 2006 04:22:45 -0000 1.10
***************
*** 89,92 ****
--- 89,105 ----
$stat_file = $S->mark_new_comments($stat_file, $sid) unless ($S->{UID} == -1);
+ # Set the page's subtitle properly
+ my $q_sid = $S->dbh->quote($sid);
+ my ($rv, $sth) = $S->db_select({
+ ARCHIVE => $S->_check_archivestatus($sid),
+ WHAT => 'title',
+ FROM => 'stories',
+ WHERE => qq|sid = $q_sid|
+ });
+ $S->{UI}->{BLOCKS}->{subtitle} .= $sth->fetchrow;
+ $sth->finish;
+ $S->{UI}->{BLOCKS}->{subtitle} =~ s/</</g;
+ $S->{UI}->{BLOCKS}->{subtitle} =~ s/>/>/g;
+
# And the ratings! Put something here.
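Review bot: The two substitutions at the end of the hunk read, as rendered here, `s/</</g` and `s/>/>/g`, which are no-ops; if the intended replacements were entity forms of `<` and `>` they were lost in transit, and even then `&` and quote characters in a title would remain unescaped. The rest of this commit routes user-supplied text through `$S->filter_subject`, so using the same call here keeps title escaping in one place: `$S->{UI}->{BLOCKS}->{subtitle} .= $S->filter_subject($sth->fetchrow);` (with the two substitutions removed). `$rv` from `db_select` is never checked, so a failed query leaves `$sth` undefined and the `fetchrow` call dies; wrapping the fetch in `if ($rv) { ... }` keeps a missing or unreadable story from taking down the whole page. Note also that the substitutions run over the entire `subtitle` block, so they rewrite whatever was already in it before this hunk, not just the appended title.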
Index: Tags.pm
===================================================================
RCS file: /cvs/scoop/scoop/lib/Scoop/Tags.pm,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** Tags.pm 8 Jan 2006 05:44:03 -0000 1.2
--- Tags.pm 6 Aug 2006 04:22:45 -0000 1.3
***************
*** 87,90 ****
--- 87,102 ----
# this ought to block blank tags
next if $tag !~ /\w/;
+ $tag = $S->filter_subject($tag);
+
+ if ($S->var('wrap_long_lines')) {
+ my $wrap_at = $S->var('wrap_long_lines_at');
+ $tag =~ s/(\S{$wrap_at})/$1\n/g;
+ }
+
+ if ($S->var('maximum_tag_length')) {
+ my $max = $S->var('maximum_tag_length');
+ $tag =~ s/^(.{0,$max}).*$/$1/;
+ }
+
my $q_tag = $S->dbh->quote($tag);
# gotta filter out '/' as '-', too
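Review bot: The truncation `$tag =~ s/^(.{0,$max}).*$/$1/;` runs after `$tag` has been through `filter_subject`, so if that filter expands characters into multi-character sequences the cut can land inside one and store a broken fragment; limiting the length of the raw tag first and filtering afterwards avoids that. The wrap step just before it inserts `\n` into the tag, and `.` does not match a newline, so once a tag has been wrapped the anchored `^...$` pattern no longer matches and the length limit silently stops applying to exactly the long tags it is meant for. Reordering to length-limit, then filter, then wrap (or adding `/s` to the truncation) fixes both; the loop this runs in opens before the hunk. Since `$wrap_at` and `$max` are interpolated as regex quantifiers, a non-numeric config value would be a runtime regex error rather than a no-op, so a `/^\d+$/` check when the vars are read is worth adding.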
***************
*** 98,101 ****
--- 110,114 ----
push @cache, $tag; # after filtering, mind you
$i++;
+ last if ($S->var('maximum_tags_per_story') && $i >= $S->var('maximum_tags_per_story'));
}
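Review bot: `$S->var('maximum_tags_per_story')` is evaluated twice on every iteration of the added `last` line; reading it once into a lexical before the loop (the loop opens outside this hunk) is clearer and avoids the repeated lookup: `my $max_tags = $S->var('maximum_tags_per_story');` then `last if $max_tags && $i >= $max_tags;`. Tags past the limit are discarded without any feedback to the submitter, so a comment such as `# tags beyond maximum_tags_per_story are silently dropped` would spare the next reader a trip to the config code.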
***************
*** 187,190 ****
--- 200,204 ----
my $tags;
if ($tags_in) {
+ $tags_in = $S->filter_subject($tags_in);
@{$tags} = split /\s*,\s*/, $tags_in;
} else {
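Review bot: `$tags_in` is filtered as one string before being split on commas, and the per-tag loop earlier in this file (the hunk at line 87 of the new revision) filters each `$tag` again with `filter_subject`; if the split list reaches that loop, every tag is encoded twice and stored with doubled escape sequences. If the earlier loop is the canonical filtering point this line is redundant and can go; if not, a comment stating which path the split tags take would make the intent clear. Filtering after the split, per tag, would also keep the `/\s*,\s*/` delimiter handling independent of whatever `filter_subject` does to commas and whitespace.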
Index: Search.pm
===================================================================
RCS file: /cvs/scoop/scoop/lib/Scoop/Search.pm,v
retrieving revision 1.76
retrieving revision 1.77
diff -C2 -d -r1.76 -r1.77
*** Search.pm 14 Jun 2006 21:27:00 -0000 1.76
--- Search.pm 6 Aug 2006 04:22:45 -0000 1.77
***************
*** 34,37 ****
--- 34,38 ----
my $args = $S->{CGI}->Vars;
+ $args->{count} = $S->filter_param($args->{count});
my $result_count = $args->{count} || 30;
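Review bot: `count` is a numeric parameter (it falls back to `30` on the next line), and as far as this diff shows `filter_param` is a text filter, so it neither guarantees a number nor rejects a non-numeric value. If `$result_count` is later interpolated into a LIMIT clause or used in arithmetic (the sub continues outside the hunk), the right check is a whitelist on the shape of the value rather than escaping: `my $result_count = (defined $args->{count} && $args->{count} =~ /^\d+$/) ? $args->{count} : 30;`. Writing the filtered value back into `$args->{count}` also changes what every later reader of `$args` sees; if the form-building loop in the hunk at line 379 receives this same `$args`, `count` is filtered a second time there.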
***************
*** 378,381 ****
--- 379,387 ----
}
+
+ foreach my $key (qw(offset count string)) {
+ $args->{$key} = $S->filter_subject($args->{$key});
+ }
+
my $form = qq|
<TR>
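Review bot: The loop filters `offset`, `count` and `string` in place in `$args`, so the escaped values are what every later consumer of `$args` sees, not just the form that starts on the last line of the hunk and continues outside it; a search string containing `&`, `<` or quotes would then be searched for in its escaped form if the query code runs after this point, which the hunk does not show. Since the escaping is only needed for the form echo, build a local copy instead: `my %esc = map { $_ => $S->filter_subject($args->{$_}) } qw(offset count string);` and reference `$esc{string}` etc. in `$form`. That also avoids filtering `count` twice when the hunk at line 35 has already done so.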
***************
*** 689,694 ****
my $date_format = $S->date_format('time', 'short');
$query->{ARCHIVE} = ($args->{search_archive} ? 1 : 0);
! $query->{FROM} = "stories s LEFT JOIN users u ON s.aid = u.uid";
! $query->{WHAT} = qq|*, $date_format AS ftime, u.nickname AS nick|;
$query->{WHERE} = qq|displaystatus >= 0 AND section != 'Diary' $excl_sect_sql|;
--- 695,700 ----
my $date_format = $S->date_format('time', 'short');
$query->{ARCHIVE} = ($args->{search_archive} ? 1 : 0);
! $query->{FROM} = "stories s ";
! $query->{WHAT} = qq|*, $date_format AS ftime|;
$query->{WHERE} = qq|displaystatus >= 0 AND section != 'Diary' $excl_sect_sql|;
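Review bot: Dropping the `users` join removes the `nick` column from the result rows here and in the two parallel blocks at lines 722 and 743 of the new revision, but nothing in the diff shows the consumers of those rows changing; any template or code that reads `nick` from a result now gets undef silently. If the join went because nicknames were being rendered unescaped, the fix is reasonable, but the enclosing sub (which continues outside the hunk) and the result rendering should be checked for remaining `nick` references, and a comment on the `FROM` line saying why the join was dropped would stop someone re-adding it. The three copies of the same `FROM`/`WHAT` pair are now identical and could be set once before the branches.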
***************
*** 716,721 ****
my $date_format = $S->date_format('time', 'short');
$query->{ARCHIVE} = ($args->{search_archive} ? 1 : 0);
! $query->{FROM} = "stories s LEFT JOIN users u ON s.aid = u.uid";
! $query->{WHAT} = qq|*, $date_format AS ftime, u.nickname AS nick|;
$query->{WHERE} = qq|displaystatus >= 0 AND section = 'Diary' $excl_sect_sql|;
--- 722,727 ----
my $date_format = $S->date_format('time', 'short');
$query->{ARCHIVE} = ($args->{search_archive} ? 1 : 0);
! $query->{FROM} = "stories s ";
! $query->{WHAT} = qq|*, $date_format AS ftime|;
$query->{WHERE} = qq|displaystatus >= 0 AND section = 'Diary' $excl_sect_sql|;
***************
*** 737,742 ****
my $date_format = $S->date_format('time', 'short');
$query->{ARCHIVE} = ($args->{search_archive} ? 1 : 0);
! $query->{WHAT} = qq|*, $date_format AS ftime, u.nickname AS nick|;
! $query->{FROM} = "stories s LEFT JOIN users u ON s.aid = u.uid";
if($S->{UI}->{VARS}->{use_fulltext_indexes} && !$args->{phrase}){
$query->{WHERE} = qq|displaystatus >= 0 and section = 'Diary' and MATCH(title,introtext,bodytext) AGAINST('$args->{string}') $excl_sect_sql|;
--- 743,748 ----
my $date_format = $S->date_format('time', 'short');
$query->{ARCHIVE} = ($args->{search_archive} ? 1 : 0);
! $query->{WHAT} = qq|*, $date_format AS ftime|;
! $query->{FROM} = "stories s ";
if($S->{UI}->{VARS}->{use_fulltext_indexes} && !$args->{phrase}){
$query->{WHERE} = qq|displaystatus >= 0 and section = 'Diary' and MATCH(title,introtext,bodytext) AGAINST('$args->{string}') $excl_sect_sql|;
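Review bot: The context line at the end of the hunk interpolates `$args->{string}` directly into the SQL, `AGAINST('$args->{string}')`, and the commit leaves it that way; unless the value was quoted earlier in the sub, which the hunk does not show, nothing here quotes it for the database, and the HTML-oriented filtering added elsewhere in this commit is not a SQL quote. `$S->dbh->quote` is already the idiom this commit uses in Static.pm and Tags.pm, so the same applies here: `my $q_string = $S->dbh->quote($args->{string});` and then `... AGAINST($q_string) ...`. The sub continues outside the hunk, so the non-fulltext branch should be checked for the same interpolation.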