Update of /cvs/scoop/scoop/lib/Scoop
In directory lithium.sabren.com:/tmp/cvs-serv25024/lib/Scoop
Modified Files:
Search.pm
Log Message:
Cross-site scripting hole in Search.pm patched. We should probably make an effort to look for any other unfiltered query args being mindlessly echoed to the screen.
Index: Search.pm
===================================================================
RCS file: /cvs/scoop/scoop/lib/Scoop/Search.pm,v
retrieving revision 1.75
retrieving revision 1.76
diff -C2 -d -r1.75 -r1.76
*** Search.pm 14 Oct 2005 20:07:09 -0000 1.75
--- Search.pm 14 Jun 2006 21:27:00 -0000 1.76
***************
*** 95,103 ****
$next_page = 0;
}
!
$S->{UI}->{BLOCKS}->{CONTENT} = qq|
<TABLE WIDTH="100%" BORDER=0 CELLPADDING=0 CELLSPACING=0>
<TR BGCOLOR="%%title_bgcolor%%">
! <TD>%%title_font%%$args->{type} search results%%title_font_end%%</TD>
</TR>|;
--- 95,104 ----
$next_page = 0;
}
! my $safetype = $S->filter_subject($args->{type});
!
$S->{UI}->{BLOCKS}->{CONTENT} = qq|
<TABLE WIDTH="100%" BORDER=0 CELLPADDING=0 CELLSPACING=0>
<TR BGCOLOR="%%title_bgcolor%%">
! <TD>%%title_font%%$safetype search results%%title_font_end%%</TD>
</TR>|;
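Review bot: `$safetype` protects only the title interpolation in this hunk; `$args->{type}` itself stays unfiltered, so any other place that prints it (the enclosing sub starts and ends outside the hunk) would still echo raw query input, unlike the second hunk, which overwrites the `$args` entries in place. Whether `filter_subject` escapes `<`, `>`, `&` and quotes is not visible here, so I would confirm that and add a comment above the new line such as `# type comes straight from the query string; escape it before echoing into the results title`. If `type` is only ever meant to be one of a fixed set of search kinds (not visible in this hunk), checking it against that set would be a tighter control than filtering.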
***************
*** 372,375 ****
--- 373,380 ----
$S->{CGI}->param('hidden_comments') ? 'CHECKED' : '' );
}
+
+ foreach my $key (qw(offset count string)) {
+ $args->{$key} = $S->filter_subject($args->{$key});
+ }
my $form = qq|
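Review bot: The added loop overwrites `offset`, `count` and `string` in `$args` with HTML-filtered values, which mixes output encoding with input handling: any later code that uses these entries for the search itself rather than for display would receive the filtered text instead of what the user typed. `offset` and `count` look numeric, so an anchored integer check such as `$args->{$key} =~ /\A\d+\z/` with a fallback to the default would be stricter than a subject filter, and `string` is better escaped into a separate variable at the point it is written into the form. `filter_subject` is also called on keys that may be undefined, and whether it tolerates that is not visible here. The form construction that consumes these values continues past the end of the hunk.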