From bad9f9c28f0939b269f90072aa4cf41f20f15563 Mon Sep 17 00:00:00 2001 From: Tobias Oetiker Date: Sun, 17 Mar 2013 13:11:10 +0100 Subject: [PATCH] xss fix from Steven Chamberlain --- lib/Smokeping.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm index cec130a..080b538 100644 --- a/lib/Smokeping.pm +++ b/lib/Smokeping.pm @@ -1028,8 +1028,9 @@ sub smokecol ($) { sub parse_datetime($){ my $in = shift; - for ($in){ - /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value}; + for ($in){ + $in =~ s/$xssBadRx/_/g; + /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value}; /^\s*(\d{4})-(\d{1,2})-(\d{1,2})(?:\s+(\d{1,2}):(\d{2})(?::(\d{2}))?)?\s*$/ && return POSIX::mktime($6||0,$5||0,$4||0,$3,$2-1,$1-1900,0,0,-1); /^now$/ && return time; -- 1.8.1.5