On Thu, Sep 11, 2008 at 09:44:02PM +0100, Steve Cotton wrote:
> Thu Sep 11 00:06:59 BST 2008 Steve Cotton <[EMAIL PROTECTED]>
> * darcs.cgi script - fix insecure printfs
> The darcs.cgi repository viewer wasn't working with Perl 5.10.
>
> Details are in Debian's BTS,
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498542
>
> Perl's taint checking has become stricter between 5.8 and 5.10:
> perl#45671: printf should check taintedness of its template
> http://rt.perl.org/rt3/Public/Bug/Display.html?id=45671
>
> In this CGI script, $name is tainted in:
> line 231: printf $fh qq( <$type name="$name" modified="$mtime" ts="$ts" />\n);
> line 250: printf $fh qq( <repository name="$name" />\n);

Applied. This seems straightforward. Thanks for the submission!

David
_______________________________________________
darcs-users mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/darcs-users
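
The taint failure described in the quoted commit message, as an added example that is not code from darcs.cgi or from the applied patch: the interpolated printf template next to two forms that keep tainted data out of the template. The sample values and the in-memory filehandle are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from darcs.cgi. Run as: perl -T taint_printf.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T\n" unless ${^TAINT};

# Constructed sample values. Appending a zero-length slice of $^X, which is
# tainted under -T, taints the literal the way request-derived data would be.
# The name deliberately contains "%20d", which printf would parse as a
# conversion if the name were part of the template.
my $name = 'my%20dir' . substr($^X, 0, 0);
my ($type, $mtime, $ts) = ('directory', 'Thu Sep 11 00:06:59 2008', '1221088019');

# In-memory filehandle standing in for the script's output handle.
open my $fh, '>', \my $out or die "open: $!";

# Before: $name is interpolated into the template, so the template itself is
# tainted. Perl 5.10 and later refuse to format with it under -T.
my $ok = eval {
    printf $fh qq( <$type name="$name" modified="$mtime" ts="$ts" />\n);
    1;
};
print STDOUT "interpolated template: ", ($ok ? "accepted\n" : "rejected: $@");

# After, option 1: constant template, tainted data passed as arguments.
printf $fh qq( <%s name="%s" modified="%s" ts="%s" />\n),
    $type, $name, $mtime, $ts;

# After, option 2: no formatting is needed, so plain print is enough.
print $fh qq( <repository name="$name" />\n);
close $fh;

print STDOUT "name is tainted: ", (tainted($name) ? "yes" : "no"), "\n";
print STDOUT $out;
```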
