Escape untrusted params

Jamie Cameron
2017-06-12 14:01:10 -07:00
committed by Joe cooper
parent 5aed345808
commit 91f03a2109


@@ -43,8 +43,8 @@ SECT: foreach $sec (@sects) {
}
}
if (!$found) {
print "<p><b>",&text('man_noentry', "<tt>$in{'page'}</tt>"),
"</b><p>\n";
print "<p><b>",&text('man_noentry',
"<tt>".&html_escape($in{'page'})."</tt>"),"</b><p>\n";
}
else {
if (&has_command($config{'man2html_path'})) {
@@ -86,13 +86,19 @@ else {
$out =~ s/<A HREF="file:[^"]+">([^<]+)<\/a>/$1/ig;
$out =~ s/<A HREF="view_man.cgi">/<A HREF=\"\">/i;
}
&show_view_table(&text('man_header', $in{'page'}, $in{'sec'}),
$out);
&show_view_table(
&text('man_header',
&html_escape($in{'page'}),
&html_escape($in{'sec'})),
$out);
} else {
$out =~ s/.\010//g;
$out =~ s/^(man:\s*)?(re)?formatting.*//i;
&show_view_table(&text('man_header', $in{'page'}, $in{'sec'}),
"<pre>".&html_escape($out)."</pre>");
&show_view_table(
&text('man_header',
&html_escape($in{'page'}),
&html_escape($in{'sec'})),
"<pre>".&html_escape($out)."</pre>");
}
}
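Review bot: The escaped header `&text('man_header', &html_escape($in{'page'}), &html_escape($in{'sec'}))` is now written out twice in the second hunk, once in each branch of the man2html/plain-text `if`, so a later edit or an added branch can put the raw `$in{...}` values back into the page without it being obvious. Building it once ahead of the branch, e.g. `my $header = &text('man_header', &html_escape($in{'page'}), &html_escape($in{'sec'}));`, and passing `$header` to both `&show_view_table` calls keeps the escaping in one place. In the man2html branch `$out` still reaches `&show_view_table` unescaped, which looks intentional since it is converter-generated HTML, but a comment such as `# $out is man2html HTML and is deliberately not escaped` would record that trust decision for the next reader. The enclosing `if`/`else` begins outside the hunk, so whether `$in{'page'}` and `$in{'sec'}` are validated before they are used to locate the page cannot be judged from these lines.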