aboutsummaryrefslogtreecommitdiffstats
path: root/main/smokeping/xss-fix-from-Steven-Chamberlain.patch
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-04-12 10:49:24 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-04-12 10:51:24 +0000
commitfad8b74f852feb2d12f1f967c294e3a20560534a (patch)
treeb1b4e7f99e5ffa354b53cc5ed45368767c78be5a /main/smokeping/xss-fix-from-Steven-Chamberlain.patch
parentddfb89a1758231264a547accabfb1de71ed50b63 (diff)
downloadaports-fad8b74f852feb2d12f1f967c294e3a20560534a.tar.bz2
aports-fad8b74f852feb2d12f1f967c294e3a20560534a.tar.xz
main/smokeping: yet another XSS fix
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659899#155
Diffstat (limited to 'main/smokeping/xss-fix-from-Steven-Chamberlain.patch')
-rw-r--r--main/smokeping/xss-fix-from-Steven-Chamberlain.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/main/smokeping/xss-fix-from-Steven-Chamberlain.patch b/main/smokeping/xss-fix-from-Steven-Chamberlain.patch
new file mode 100644
index 0000000000..ba1e25f461
--- /dev/null
+++ b/main/smokeping/xss-fix-from-Steven-Chamberlain.patch
@@ -0,0 +1,28 @@
+From bad9f9c28f0939b269f90072aa4cf41f20f15563 Mon Sep 17 00:00:00 2001
+From: Tobias Oetiker <tobi@oetiker.ch>
+Date: Sun, 17 Mar 2013 13:11:10 +0100
+Subject: [PATCH] xss fix from Steven Chamberlain
+
+---
+ lib/Smokeping.pm | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm
+index cec130a..080b538 100644
+--- a/lib/Smokeping.pm
++++ b/lib/Smokeping.pm
+@@ -1028,8 +1028,9 @@ sub smokecol ($) {
+
+ sub parse_datetime($){
+ my $in = shift;
+- for ($in){
+- /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value};
++ for ($in){
++ $in =~ s/$xssBadRx/_/g;
++ /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value};
+ /^\s*(\d{4})-(\d{1,2})-(\d{1,2})(?:\s+(\d{1,2}):(\d{2})(?::(\d{2}))?)?\s*$/ &&
+ return POSIX::mktime($6||0,$5||0,$4||0,$3,$2-1,$1-1900,0,0,-1);
+ /^now$/ && return time;
+--
+1.8.1.5
+