I have just committed a fix to the php-wrapper.  This may or may not
have been a potential exploit.  The fix prevents people from including
arbitrary HTML or PHP code in their search string.  The fix
strips such tags from the input string.

To test the exploit, try entering an IMG html tag into your
search field, such as <img src=http://www.htdig.org/htdig_big.gif>.

If you see:

 There were no matches for [IMAGE] found on the website.

where [IMAGE] is the htDig image, then you have not patched
your system.
-- 
Dan Langille
The FreeBSD Diary - http://freebsddiary.org/ - practical examples
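
The test described in the message, as an added example that is not part of the original post and is not the htdig php-wrapper's code: it reflects the search string three ways (unpatched, tags stripped as the message describes, and HTML-encoded at output) and reports whether markup survives. The function names and the second input are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the php-wrapper.

// Unpatched behaviour the message tests for: the search string is
// reflected into the "no matches" page exactly as submitted.
function no_match_unpatched(string $words): string
{
    return "There were no matches for $words found on the website.";
}

// The approach the message describes: strip HTML/PHP tags from the input.
function no_match_stripped(string $words): string
{
    return 'There were no matches for ' . strip_tags($words) . ' found on the website.';
}

// Encoding at output time: the user's text is kept but rendered inert,
// and quotes are covered in case the value is later placed in an attribute.
function no_match_encoded(string $words): string
{
    $safe = htmlspecialchars($words, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "There were no matches for $safe found on the website.";
}

// True when a raw '<' from the input reaches the generated page.
function reflects_markup(string $page): bool
{
    return strpos($page, '<') !== false;
}

$inputs = [
    '<img src=http://www.htdig.org/htdig_big.gif>', // test string from the message
    'free<?php echo 1; ?>bsd',                      // constructed sample
];

foreach ($inputs as $in) {
    foreach (['no_match_unpatched', 'no_match_stripped', 'no_match_encoded'] as $fn) {
        $page = $fn($in);
        printf("%-20s %-17s %s\n", $fn, reflects_markup($page) ? 'MARKUP REFLECTED' : 'ok', $page);
    }
}
```

Run with the PHP command-line interpreter; only the unpatched variant should report reflected markup.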


