Update of mhonarc/MHonArc/lib
Modified Files:
ewhutil.pl
Log Message:
Bug #35388: Added '<' character in commentize() function to prevent
possible PHP code injection.
======================================================================
FILE: mhonarc/MHonArc/lib/ewhutil.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/ewhutil.pl?rev=2.17>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/ewhutil.pl.diff?r1=2.16&r2=2.17&diff_format=h>
--- ewhutil.pl 20 Apr 2006 04:03:29 -0000 2.16
+++ ewhutil.pl 29 Jan 2012 18:32:36 -0000 2.17
@@ -7,5 +7,5 @@
## Generic utility routines
##---------------------------------------------------------------------------##
-## Copyright (C) 1996-2001 Earl Hood, mhonarc(_at_)mhonarc(_dot_)org
+## Copyright (C) 1996-2001,2012 Earl Hood, mhonarc(_at_)mhonarc(_dot_)org
##
## This program is free software; you can redistribute it and/or modify
@@ -71,5 +71,5 @@
sub commentize {
my($txt) = $_[0];
- $txt =~ s/([\-&])/'&#'.unpack('C',$1).';'/ge;
+ $txt =~ s/([\-&<])/'&#'.unpack('C',$1).';'/ge;
$txt;
}
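Review bot: the changed substitution in commentize() carries no comment saying why `<` belongs in the character class, so a later cleanup could drop it again. Add a one-line comment above the `s/([\-&<])/.../ge` line that references Bug #35388 and states that `<` is encoded so text placed inside a comment cannot start a `<?` PHP open tag. The class still leaves `>` unencoded: if the returned text is ever written immediately after `<!--`, a leading `>` ends the comment early in HTML parsers, so consider `[\-&<>]` and a regression test covering input that contains `<?` and input that begins with `>`.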