[Debian-l10n-commits] r1054 - /ddtss/trunk/ddtss-cgi
kleptog-guest at users.alioth.debian.org
kleptog-guest at users.alioth.debian.org
Sun Jun 15 09:15:25 UTC 2008
Author: kleptog-guest
Date: Sun Jun 15 09:15:24 2008
New Revision: 1054
URL: http://svn.debian.org/wsvn/?sc=1&rev=1054
Log:
Fix XSS reported by Moritz Naumann
Modified:
ddtss/trunk/ddtss-cgi
Modified: ddtss/trunk/ddtss-cgi
URL: http://svn.debian.org/wsvn/ddtss/trunk/ddtss-cgi?rev=1054&op=diff
==============================================================================
--- ddtss/trunk/ddtss-cgi (original)
+++ ddtss/trunk/ddtss-cgi Sun Jun 15 09:15:24 2008
@@ -851,6 +851,8 @@
}
my $package = $q->param('package');
+ $package =~ s/[^\w.+-]//g; # Clean out nasty characters
+
my $force = defined $q->param("force");
my $email;
More information about the Debian-l10n-commits
mailing list