Kenneth,
It looks like all but one of the .patch files should be applied.
> /BackupPC-3.2.1-fix-XSS-vulnerability2.patch is already applied but the
> other XSS patch is not.
Both fixes have been applied in both the 3.3.0 and 4.0.0 releases. I
fixed the second one in a slightly different manner than the submitted
patch. If you look down a couple of lines, there is a check that $num is
numeric. The XSS vulnerability comes from $num not being escaped in the
error message.
So I put the EscHTML() fix in the Invalid_number__num language strings.
The qw patch fixes a Perl warning.
These should also be fixed in both 3.3.0 and 4.0.0. Is there another case
that I missed?
Craig
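
The failure mode described in the message above, as an added Perl example that is not BackupPC's code and not part of the original e-mail: a value that fails the numeric check is still echoed into the error message, so the escaping has to happen where the message is built. The helper `esc_html`, the functions `check_num_raw` and `check_num_escaped`, the message text and the exact numeric test are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical escaping helper standing in for EscHTML(); not BackupPC's code.
sub esc_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Before: the value is rejected as non-numeric, yet the rejection message
# itself carries the raw request parameter into the HTML response.
sub check_num_raw {
    my ($num) = @_;
    return if defined $num && $num =~ /\A\d+\z/;    # numeric: no error
    return "Invalid number " . ($num // '');
}

# After: same check (assumed form), but the value is escaped at the point
# where the error message is assembled.
sub check_num_escaped {
    my ($num) = @_;
    return if defined $num && $num =~ /\A\d+\z/;
    return "Invalid number " . esc_html($num // '');
}

# Constructed sample inputs (not taken from any real request).
for my $num ('42', 'abc', '12<script>alert(1)</script>') {
    my $raw  = check_num_raw($num);
    my $safe = check_num_escaped($num);
    printf "input:   %s\n  raw:     %s\n  escaped: %s\n",
        $num, $raw // '(accepted)', $safe // '(accepted)';
}
```
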
_______________________________________________
BackupPC-devel mailing list
BackupPC-devel@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-devel
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/