ports/devel/websvn/files/patch-CVE-2016-2511
Raphael Kubo da Costa 31c096f9f8 Add patches to fix CVE-2013-6892 and CVE-2016-2511.
PR:		207740
Approved by:	ports-secteam (feld)
MFH:		2016Q1
2016-03-06 18:26:38 +00:00

Obtained from: Debian
--- include/setup.php.orig 2011-06-27 09:12:51 UTC
+++ include/setup.php
@@ -467,7 +467,7 @@ $vars['indexurl'] = $config->getURL('',
$vars['validationurl'] = getFullURL($_SERVER['SCRIPT_NAME']).'?'.buildQuery($queryParams + array('template' => $template, 'language' => $language), '%26');
// To avoid a possible XSS exploit, need to clean up the passed-in path first
-$path = !empty($_REQUEST['path']) ? $_REQUEST['path'] : null;
+$path = !empty($_REQUEST['path']) ? escape($_REQUEST['path']) : null;
if ($path === null || $path === '')
$path = '/';
$vars['safepath'] = escape($path);
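
Review bot: The changed assignment now stores an already-escaped value in `$path`, and the unchanged context line `$vars['safepath'] = escape($path);` then escapes it a second time. Assuming `escape()` performs HTML entity encoding, as the XSS comment implies, a path containing `&`, `<` or quotes would reach the template double-encoded. Escaping at the point of input also means every later use of `$path` that is not HTML output receives the encoded string rather than the requested path. I would either keep `$path` raw and escape at each output site, or confirm that the later uses of `$path` (not visible in this hunk) all expect the escaped form and drop the second `escape()` call. A short comment on the assignment stating which form `$path` holds from here on would help the next reader.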