richter 02/03/20 21:37:51
Modified: . Tag: Embperl2c Changes.pod Embperl.pm embperl.h
test.pl
test/cmp Tag: Embperl2c escape.htm
test/html Tag: Embperl2c escape.htm
test/html/app Tag: Embperl2c i18n.htm
Log:
2.0b7 :-)
Revision Changes Path
No revision
No revision
1.129.4.60 +7 -2 embperl/Changes.pod
Index: Changes.pod
===================================================================
RCS file: /home/cvs/embperl/Changes.pod,v
retrieving revision 1.129.4.59
retrieving revision 1.129.4.60
diff -u -r1.129.4.59 -r1.129.4.60
--- Changes.pod 20 Mar 2002 20:38:58 -0000 1.129.4.59
+++ Changes.pod 21 Mar 2002 05:37:49 -0000 1.129.4.60
@@ -1,7 +1,12 @@
=pod
-=head1 2.0b7
+=head1 2.0b7 (BETA) 21. Mar. 2002
+ - Changed default for EMBPERL_ESCMODE from 3 to 7. This disables
+ by default the possibilty use the backslash to not escape a piece
+ of output. This increases the security, because it by default
+ avoids the interpretation of the backslash in any user input that
+ is redisplayed.
- Fixed bug in mail syntax and Embperl::Mail reported by Jan Kyncl.
- Removed LogFormat and CustsomLog from test config, so mod_log_config
is not required for make test. Reported by Jochen Topf.
@@ -13,7 +18,7 @@
objects was kept after the end of it's lifetime, which caused a
segfault.
- Don't do a path search when the filename starts with './'.
- - Fixed segfault that occured when many nested sub's are used,
+ - Fixed a segfault that occured when many nested sub's are used,
but only a low number of strings.
- Fixed a problem that <option> tags are not correctly selected, when
the <option> tag was inside a loop and the name of the <select>
1.118.4.100 +2 -2 embperl/Embperl.pm
Index: Embperl.pm
===================================================================
RCS file: /home/cvs/embperl/Embperl.pm,v
retrieving revision 1.118.4.99
retrieving revision 1.118.4.100
diff -u -r1.118.4.99 -r1.118.4.100
--- Embperl.pm 18 Mar 2002 20:23:44 -0000 1.118.4.99
+++ Embperl.pm 21 Mar 2002 05:37:49 -0000 1.118.4.100
@@ -10,7 +10,7 @@
# IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
# WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
-# $Id: Embperl.pm,v 1.118.4.99 2002/03/18 20:23:44 richter Exp $
+# $Id: Embperl.pm,v 1.118.4.100 2002/03/21 05:37:49 richter Exp $
#
###################################################################################
@@ -46,7 +46,7 @@
@ISA = qw(Exporter DynaLoader);
-$VERSION = '2.0b7_dev-1' ;
+$VERSION = '2.0b7' ;
$modperl = $ENV{MOD_PERL} ;
1.19.4.27 +4 -3 embperl/embperl.h
Index: embperl.h
===================================================================
RCS file: /home/cvs/embperl/embperl.h,v
retrieving revision 1.19.4.26
retrieving revision 1.19.4.27
diff -u -r1.19.4.26 -r1.19.4.27
--- embperl.h 11 Mar 2002 08:47:25 -0000 1.19.4.26
+++ embperl.h 21 Mar 2002 05:37:50 -0000 1.19.4.27
@@ -10,7 +10,7 @@
# IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
# WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
-# $Id: embperl.h,v 1.19.4.26 2002/03/11 08:47:25 richter Exp $
+# $Id: embperl.h,v 1.19.4.27 2002/03/21 05:37:50 richter Exp $
#
###################################################################################*/
@@ -177,9 +177,10 @@
escNone = 0,
escHtml = 1,
escUrl = 2,
- escStd = 3,
escEscape = 4,
- escXML = 8
+ escXML = 8,
+
+ escStd = 7
} ;
/* --- input escaping --- */
1.70.4.132 +2 -2 embperl/test.pl
Index: test.pl
===================================================================
RCS file: /home/cvs/embperl/test.pl,v
retrieving revision 1.70.4.131
retrieving revision 1.70.4.132
diff -u -r1.70.4.131 -r1.70.4.132
--- test.pl 20 Mar 2002 20:38:58 -0000 1.70.4.131
+++ test.pl 21 Mar 2002 05:37:50 -0000 1.70.4.132
@@ -11,7 +11,7 @@
# IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
# WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
-# $Id: test.pl,v 1.70.4.131 2002/03/20 20:38:58 richter Exp $
+# $Id: test.pl,v 1.70.4.132 2002/03/21 05:37:50 richter Exp $
#
###################################################################################
@@ -2463,7 +2463,7 @@
}
}
- my $tries = ($opt_gdb || $opt_ddd)?30:10 ;
+ my $tries = ($opt_gdb || $opt_ddd)?30:15 ;
$httpdpid = 0 ;
my $herr = 0 ;
No revision
No revision
1.19.4.6 +3 -1 embperl/test/cmp/escape.htm
Index: escape.htm
===================================================================
RCS file: /home/cvs/embperl/test/cmp/escape.htm,v
retrieving revision 1.19.4.5
retrieving revision 1.19.4.6
diff -u -r1.19.4.5 -r1.19.4.6
--- escape.htm 2 Nov 2001 11:34:28 -0000 1.19.4.5
+++ escape.htm 21 Mar 2002 05:37:51 -0000 1.19.4.6
@@ -17,7 +17,9 @@
Now lets look what we are getting from this:<BR>
(this is the value in $a) (this is the value in $a)
äöüäöü???<&+ <BR>
-What is the EscMode? 3
+What is the EscMode? 7
+Let's set the EscMode to 3
+What is the EscMode now? 3
Now a Url: <A
HREF="http://localhost/tests?id=abcdefghijklmnopqrstuvwxyz&text=This%20is%20a%20text%20%3F%20%26%20%2B%20-%20%2521";>Here
it goes</A>
A Tag 2: <A
HREF="http://localhost/tests?id=abcdefghijklmnopqrstuvwxyz&text=This%20is%20a%20text%20%3F%20%26%20%2B%20-%20%2521";
TARGET="http://localhost/tests?id=abcdefghijklmnopqrstuvwxyz&text=This is a text ?
& + - %21">a2</A>
A Tag 3: <A
TARGET="http://localhost/tests?id=abcdefghijklmnopqrstuvwxyz&text=This is a text ?
& + - %21"
HREF="http://localhost/tests?id=abcdefghijklmnopqrstuvwxyz&text=This%20is%20a%20text%20%3F%20%26%20%2B%20-%20%2521";
TARGET="http://localhost/tests?id=abcdefghijklmnopqrstuvwxyz&text=This is a text ?
& + - %21">a3</A>
No revision
No revision
1.13.4.7 +2 -0 embperl/test/html/escape.htm
Index: escape.htm
===================================================================
RCS file: /home/cvs/embperl/test/html/escape.htm,v
retrieving revision 1.13.4.6
retrieving revision 1.13.4.7
diff -u -r1.13.4.6 -r1.13.4.7
--- escape.htm 2 Nov 2001 11:34:28 -0000 1.13.4.6
+++ escape.htm 21 Mar 2002 05:37:51 -0000 1.13.4.7
@@ -21,6 +21,8 @@
[+ $a +] [+ $b +]<BR>
What is the EscMode? [+ $escmode +]
+Let's set the EscMode to [+ $escmode = 3 +]
+What is the EscMode now? [+ $escmode +]
Now a Url: <A HREF="http://localhost/tests?id=[+%20$id +]&text=[+$text+]">Here it
goes</A>
A Tag 2: <A HREF="http://localhost/tests?id=[+%20$id +]&text=[+$text+]"
TARGET="http://localhost/tests?id=[+$id +]&text=[+$text+]">a2</A>
No revision
No revision
1.1.2.2 +1 -0 embperl/test/html/app/Attic/i18n.htm
Index: i18n.htm
===================================================================
RCS file: /home/cvs/embperl/test/html/app/Attic/i18n.htm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- i18n.htm 5 Mar 2002 08:07:23 -0000 1.1.2.1
+++ i18n.htm 21 Mar 2002 05:37:51 -0000 1.1.2.2
@@ -1,6 +1,7 @@
[- $r = shift -]
[-
$r -> {language_set} = [{id => 'de', 'name' => 'Deutsch'}, {id => 'en', 'name' =>
'English'}, ] ;
+$escmode = 3 ;
-]
<table width="100%">
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
