CVSROOT: /cvs/webwml
Module name: packages
Changes by: djpig 06/12/11 12:12:56
Modified files:
cgi-bin : download.pl
Log message:
Clean up parameters for download.pl before using them.
Note that this mitigates the danger of real XSS attacks but
it still doesn't solve the problem that the md5sum on this
page is pretty worthless from a security standpoint since it
is provided by the client. The correct solution to solve this
is to look up the filename and md5sum from the Packages files
as it is done in the next generation code (see packages.d.n).
It is not easily possible to backport this solution though.
Patch by Javier Fernández-Sanguino Peña with some corrections
by me.
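The approach the log message calls the correct solution, sketched as an added example (not code from download.pl or the packages.debian.org code base): the client supplies only a package name, which is validated, while the filename and MD5sum are looked up server-side from a Packages index and HTML-escaped on output. The function names, the in-memory index layout and the sample stanzas (including the checksum values) are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed sample of a Packages index (two stanzas); not real archive data.
my $PACKAGES = <<'EOT';
Package: hello
Version: 2.1.1-4
Filename: pool/main/h/hello/hello_2.1.1-4_i386.deb
MD5sum: 0123456789abcdef0123456789abcdef

Package: sl
Version: 3.03-14
Filename: pool/main/s/sl/sl_3.03-14_i386.deb
MD5sum: fedcba9876543210fedcba9876543210
EOT

# Parse the index into { package => { Field => value } }.
sub parse_packages {
    my ($text) = @_;
    my %index;
    for my $stanza (split /\n{2,}/, $text) {
        my %f = $stanza =~ /^([A-Za-z0-9-]+):[ \t]*(.*)$/mg;
        $index{ $f{Package} } = \%f if defined $f{Package};
    }
    return \%index;
}

# Escape the characters that are significant in HTML text and attributes.
sub html_escape {
    my ($s) = @_;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$e{$1}/g;
    return $s;
}

# Hypothetical handler: only the package name is taken from the client.
sub download_info {
    my ($index, $pkg) = @_;
    # Reject anything that is not a syntactically valid package name.
    return unless defined $pkg && $pkg =~ /\A[a-z0-9][a-z0-9+.-]+\z/;
    my $rec = $index->{$pkg} or return;    # unknown package: nothing to show
    return sprintf '<a href="/%s">%s</a> MD5sum: <tt>%s</tt>',
        map { html_escape($_) } @$rec{qw(Filename Package MD5sum)};
}

my $index = parse_packages($PACKAGES);
for my $param ('hello', '<script>alert(1)</script>', 'nosuchpkg') {
    my $html = download_info($index, $param);
    print defined $html ? "$html\n" : "rejected: " . html_escape($param) . "\n";
}
```

Because the checksum shown never originates from the request, a crafted link cannot make the page display an attacker-chosen md5sum for a file.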