gentoo-overlay/www-apps/websvn/files/31_CVE-2016-1236.patch


Description: CVE-2016-1236: XSS via directory or file in a repository containing XSS payload
Origin: vendor
Forwarded: no
Author: Nitin Venkatesh <venkatesh.nitin@gmail.com>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2016-05-08
--- a/revision.php
+++ b/revision.php
@@ -145,7 +145,7 @@ if ($rep) {
}
$resourceExisted = $change->action == 'M' || $change->copyfrom;
$listing[] = array(
- 'path' => $change->path,
+ 'path' => escape($change->path),
'oldpath' => $change->copyfrom ? $change->copyfrom.' @ '.$change->copyrev : '',
'action' => $change->action,
'added' => $change->action == 'A',
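Review bot: `'oldpath'` on the line right after the fix is still built from the raw `$change->copyfrom` and `$change->copyrev`, although a copy-source path comes from the same repository content as `$change->path` and lands in the same `$listing` row; if the template prints `oldpath` unescaped, the fix covers only half of the row. Assuming `escape()` is the htmlspecialchars-style wrapper the description implies, the line should read `'oldpath' => $change->copyfrom ? escape($change->copyfrom.' @ '.$change->copyrev) : '',`. The same one-field-escaped, sibling-raw pattern appears in listing.php's first hunk, where `$listing[$index]['path'] = $path.$file;` stays raw beside the escaped `filename`; whether that key is ever emitted as HTML is not visible here. The enclosing `if ($rep)` block and the loop that appends to `$listing` both start outside the hunk.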
--- a/log.php
+++ b/log.php
@@ -323,6 +323,9 @@ if ($rep) {
$listing[$index]['revadded'] = (isset($modpaths['A'])) ? implode('<br/>', $modpaths['A']) : '';
$listing[$index]['revdeleted'] = (isset($modpaths['D'])) ? implode('<br/>', $modpaths['D']) : '';
$listing[$index]['revmodified'] = (isset($modpaths['M'])) ? implode('<br/>', $modpaths['M']) : '';
+ $listing[$index]['revadded'] = escape($listing[$index]['revadded']);
+ $listing[$index]['revdeleted'] = escape($listing[$index]['revdeleted']);
+ $listing[$index]['revmodified'] = escape($listing[$index]['revmodified']);
}
$row = 1 - $row;
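Review bot: `escape()` is applied after the paths have already been joined with `'<br/>'`, so if it is an htmlspecialchars-style wrapper the separator itself becomes `&lt;br/&gt;` and each list renders as literal text instead of line breaks. Escape the individual paths before joining instead, e.g. `$listing[$index]['revadded'] = (isset($modpaths['A'])) ? implode('<br/>', array_map('escape', $modpaths['A'])) : '';` and likewise for `'D'` and `'M'`, which also makes the three added reassignments unnecessary. That keeps the fix's intent (every repository path encoded) without breaking the markup the template relies on. The loop that fills `$modpaths` and `$listing[$index]` starts outside the hunk.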
--- a/comp.php
+++ b/comp.php
@@ -381,7 +381,7 @@ if ($rep) {
$absnode .= $node;
}
- $listing[$index]['newpath'] = $absnode;
+ $listing[$index]['newpath'] = escape($absnode);
$listing[$index]['fileurl'] = $config->getURL($rep, $absnode, 'file').'rev='.$rev2;
--- a/listing.php
+++ b/listing.php
@@ -123,7 +123,7 @@ function showDirFiles($svnrep, $subs, $l
$listing[$index]['level'] = ($treeview) ? $level : 0;
$listing[$index]['node'] = 0; // t-node
$listing[$index]['path'] = $path.$file;
- $listing[$index]['filename'] = $file;
+ $listing[$index]['filename'] = escape($file);
if ($isDir) {
$listing[$index]['fileurl'] = urlForPath($path.$file, $passRevString);
} else {
@@ -137,7 +137,7 @@ function showDirFiles($svnrep, $subs, $l
}
if ($treeview) {
- $listing[$index]['compare_box'] = '<input type="checkbox" name="compare[]" value="'.$path.$file.'@'.$passrev.'" onclick="checkCB(this)" />';
+ $listing[$index]['compare_box'] = '<input type="checkbox" name="compare[]" value="'.escape($path.$file).'@'.$passrev.'" onclick="checkCB(this)" />';
}
if ($config->showLastModInListing()) {
$listing[$index]['committime'] = $entry->committime;
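Review bot: The fix escapes only the `$path.$file` fragment of the checkbox's `value` attribute, while the `'@'.$passrev` tail is concatenated raw; escaping the complete attribute value is the safer shape, `value="'.escape($path.$file.'@'.$passrev).'"`, because it no longer depends on where `$passrev` is validated (its origin is outside this hunk). The rest of the `compare_box` markup is static, so this is a one-token change on the added line. `showDirFiles()` starts before and continues past the hunk.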