Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070710081852-dd049-f82c0e5c3110a5752733f534ccb9129b496668d8.gz;
[actionpack-1.13.2-2terminus1-i686 voroskoi <[EMAIL PROTECTED]>**20070710081852 forgot the patch ] {
addfile ./source/devel-extra/actionpack/CVE-2007-3227.diff
hunk ./source/devel-extra/actionpack/CVE-2007-3227.diff 1
+diff -aur actionpack-1.13.2/lib/action_controller/assertions/selector_assertions.rb fw-actionpack-1.13.2/lib/action_controller/assertions/selector_assertions.rb
+--- actionpack-1.13.2/lib/action_controller/assertions/selector_assertions.rb 2007-07-10 09:05:32.000000000 +0200
++++ fw-actionpack-1.13.2/lib/action_controller/assertions/selector_assertions.rb 2007-07-10 09:11:18.000000000 +0200
+@@ -561,6 +561,8 @@
+ # RJS encodes double quotes and line breaks.
+ unescaped= rjs_string.gsub('\"', '"')
+ unescaped.gsub!('\n', "\n")
++ unescaped.gsub!('\076', '>')
++ unescaped.gsub!('\074', '<')
+ # RJS encodes non-ascii characters.
+ unescaped.gsub!(RJS_PATTERN_UNICODE_ESCAPED_CHAR) {|u| [$1.hex].pack('U*')}
+ unescaped
}
_______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs
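Review bot: The two added `gsub!` calls in selector_assertions.rb only teach the test assertion helper to decode `\074` and `\076` back to `<` and `>`; nothing in this hunk makes the emitted output escape angle brackets, so CVE-2007-3227.diff as shown does not by itself change what the package produces. Presumably the encoder-side change ships in another package or patch, and the commit description should say which one so the package is not read as carrying the whole fix. The FrugalBuild is not visible here, so it is worth confirming that it lists this patch in its sources and applies it. The new lines also sit under the comment about double quotes and line breaks; I would add `# Angle brackets arrive octal-escaped: \074 is <, \076 is >.` above them. The enclosing method starts and ends outside the hunk.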