Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070710081852-dd049-f82c0e5c3110a5752733f534ccb9129b496668d8.gz;

[actionpack-1.13.2-2terminus1-i686
voroskoi <[EMAIL PROTECTED]>**20070710081852
 forgot the patch
] {
addfile ./source/devel-extra/actionpack/CVE-2007-3227.diff
hunk ./source/devel-extra/actionpack/CVE-2007-3227.diff 1
+diff -aur 
actionpack-1.13.2/lib/action_controller/assertions/selector_assertions.rb 
fw-actionpack-1.13.2/lib/action_controller/assertions/selector_assertions.rb
+--- actionpack-1.13.2/lib/action_controller/assertions/selector_assertions.rb  
2007-07-10 09:05:32.000000000 +0200
++++ 
fw-actionpack-1.13.2/lib/action_controller/assertions/selector_assertions.rb    
   2007-07-10 09:11:18.000000000 +0200
+@@ -561,6 +561,8 @@
+           # RJS encodes double quotes and line breaks.
+           unescaped= rjs_string.gsub('\"', '"')
+           unescaped.gsub!('\n', "\n")
++        unescaped.gsub!('\076', '>')
++        unescaped.gsub!('\074', '<')
+           # RJS encodes non-ascii characters.
+           unescaped.gsub!(RJS_PATTERN_UNICODE_ESCAPED_CHAR) {|u| 
[$1.hex].pack('U*')}
+           unescaped
}
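
Review bot: The two added gsub! calls (new lines 564-565 of selector_assertions.rb) are not covered by the comment above them, which still reads "RJS encodes double quotes and line breaks", and they are indented two columns short of the neighbouring lines. Extend the comment to say that `<` and `>` arrive as the literal escapes `\074` and `\076`, and align the two lines with `unescaped.gsub!('\n', "\n")`. The single-quoted patterns match the four literal characters rather than an interpreted octal escape, which is consistent with the existing `'\n'` line, so the decoding itself reads as intended. The diff file as added contains only this one hunk, and it touches the assertion helper that decodes RJS strings; nothing in it changes what is emitted, so it is worth confirming that the code producing these escapes is patched in the package that ships it.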
_______________________________________________
Frugalware-darcs mailing list
Frugalware-darcs@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-darcs