X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fupstream%2Fblosxom.git;a=blobdiff_plain;f=blosxom.cgi;h=687038dd08b927239b2629961179a43ca99db1de;hp=eae39bf4becfc5bef9134b7196dd3769b84ebbc1;hb=6d921935464bcc7923d9feec12eabf44467763f7;hpb=b9131697cef6d045ddae4970f610595227718ea3

diff --git a/blosxom.cgi b/blosxom.cgi
index eae39bf..687038d 100755
--- a/blosxom.cgi
+++ b/blosxom.cgi
@@ -2,7 +2,7 @@
 
 # Blosxom
 # Author: Rael Dornfest (2002-2003), The Blosxom Development Team (2005-2008)
-# Version: 2.1.1 ($Id: blosxom.cgi,v 1.83 2008/07/30 22:27:02 xtaran Exp $)
+# Version: 2.1.2 ($Id: blosxom.cgi,v 1.86 2008/11/11 10:37:16 alfie Exp $)
 # Home/Docs/Licensing: http://blosxom.sourceforge.net/
 # Development/Downloads: http://sourceforge.net/projects/blosxom
 
@@ -91,7 +91,7 @@ use File::stat;
 use Time::Local;
 use CGI qw/:standard :netscape/;
 
-$version = "2.1.1";
+$version = "2.1.2";
 
 # Load configuration from $ENV{BLOSXOM_CONFIG_DIR}/blosxom.conf, if it exists
 my $blosxom_config;
@@ -214,6 +214,23 @@ if (! ($flavour = param('flav'))) {
 }
 $flavour ||= $default_flavour;
 
+# Fix XSS in flavour name (CVE-2008-2236)
+$flavour = blosxom_html_escape($flavour);
+
+sub blosxom_html_escape {
+  my $string = shift;
+  my %escape = (
+                '<' => '&lt;',
+                '>' => '&gt;',
+                '&' => '&amp;',
+                '"' => '&quot;',
+                "'" => '&apos;'
+                );
+  my $escape_re = join '|' => keys %escape;
+  $string =~ s/($escape_re)/$escape{$1}/g;
+  $string;
+}
+
 # Global variable to be used in head/foot.{flavour} templates
 $path_info = '';
 # Add all @path_info elements to $path_info till we come to one that could be a year
@@ -693,19 +710,11 @@ sub generate {
                 $fn    =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg;
 
                 # Escape <, >, and &, and to produce valid RSS
-                my %escape = (
-                    '<' => '&lt;',
-                    '>' => '&gt;',
-                    '&' => '&amp;',
-                    '"' => '&quot;',
-                    "'" => '&apos;'
-                );
-                my $escape_re = join '|' => keys %escape;
-                $title =~ s/($escape_re)/$escape{$1}/g;
-                $body  =~ s/($escape_re)/$escape{$1}/g;
-                $url   =~ s/($escape_re)/$escape{$1}/g;
-                $path  =~ s/($escape_re)/$escape{$1}/g;
-                $fn    =~ s/($escape_re)/$escape{$1}/g;
+                $title = blosxom_html_escape($title);
+                $body  = blosxom_html_escape($body);
+                $url   = blosxom_html_escape($url);
+                $path  = blosxom_html_escape($path);
+                $fn    = blosxom_html_escape($fn);
             }
 
             $story = &$interpolate($story);