From http://sourceforge.net/projects/htdig/ click on CVS.
From http://sourceforge.net/cvs/?group_id=4593 click on Browse CVS Repository.
Then follow your nose to:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/htdig/htdig/contrib/php-wrapper/

This URL contains the diff:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/htdig/htdig/contrib/php-wrapper/search.php.diff?r1=1.1&r2=1.2

On 25 Oct 2001 at 14:40, Marcus Valentine wrote:

> Can someone tell me how to get hold of this? I can't find it on sourceforge.
>
> Thanks
>
> At 14:01 12/10/01 -0400, Dan Langille wrote:
> >
> >I have just committed a fix to the php-wrapper. This may or may not
> >have been a potential exploit. The fix prevents people from including
> >arbitrary HTML or PHP code in their search string. The fix
> >strips such tags from the input string.
> >
> >To test the exploit, try entering an IMG html tag into your
> >search field, such as <img src=http://www.htdig.org/htdig_big.gif>.
> >
> >If you see:
> >
> > There were no matches for [IMAGE] found on the website.
> >
> >where [IMAGE] is the htDig image, then you have not patched
> >your system.
> >- --
> >Dan Langille
> >
>
> _______________________________________________
> htdig-general mailing list <[EMAIL PROTECTED]>
> To unsubscribe, send a message to <[EMAIL PROTECTED]> with
> a subject of unsubscribe
> FAQ: http://htdig.sourceforge.net/FAQ.html
>

--
Dan Langille
The FreeBSD Diary - http://freebsddiary.org/ - practical examples
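
The kind of fix described in the quoted message, sketched as an added example; it is not part of the original thread and is not the ht://Dig php-wrapper code or its CVS diff. The function names are hypothetical, and the `htmlspecialchars()` step is an assumption added on top of the tag stripping the message describes.

```php
<?php
// Added illustration; not the ht://Dig php-wrapper source or its CVS diff.
// All function names below are hypothetical.

// Behaviour the message tells you to test for: the search words are
// echoed into the "no matches" text exactly as submitted, so a browser
// renders any markup they contain.
function no_match_message_unpatched(string $words): string
{
    return "There were no matches for $words found on the website.";
}

// The approach the fix is described as taking: strip HTML/PHP tags
// from the input string before it is used anywhere.
function clean_search_words(string $words): string
{
    return trim(strip_tags($words));
}

// Assumption (not stated in the thread): also encode on output, so that
// characters strip_tags() leaves behind (<, ", &) cannot form markup.
function no_match_message_patched(string $words): string
{
    $clean = clean_search_words($words);
    return 'There were no matches for '
        . htmlspecialchars($clean, ENT_QUOTES, 'UTF-8')
        . ' found on the website.';
}

// Constructed sample inputs; the first is the test string from the message.
$samples = [
    '<img src=http://www.htdig.org/htdig_big.gif>',
    'freebsd <b>ports</b>',
    'a < b & "c"',
];

foreach ($samples as $s) {
    echo "input    : $s\n";
    echo "unpatched: ", no_match_message_unpatched($s), "\n";
    echo "patched  : ", no_match_message_patched($s), "\n\n";
}
```

Run it with the PHP command-line interpreter and compare the two output lines for each input: the unpatched line still contains the submitted markup, the patched line does not.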

