main/smokeping/xss-fix-from-Steven-Chamberlain.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

From bad9f9c28f0939b269f90072aa4cf41f20f15563 Mon Sep 17 00:00:00 2001
From: Tobias Oetiker <tobi@oetiker.ch>
Date: Sun, 17 Mar 2013 13:11:10 +0100
Subject: [PATCH] xss fix from Steven Chamberlain

---
 lib/Smokeping.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm
index cec130a..080b538 100644
--- a/lib/Smokeping.pm
+++ b/lib/Smokeping.pm
@@ -1028,8 +1028,9 @@ sub smokecol ($) {
 
 sub parse_datetime($){
     my $in = shift;
-    for ($in){
-	/^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value};
+    for ($in){ 
+        $in =~ s/$xssBadRx/_/g;
+        /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value};
         /^\s*(\d{4})-(\d{1,2})-(\d{1,2})(?:\s+(\d{1,2}):(\d{2})(?::(\d{2}))?)?\s*$/  && 
             return POSIX::mktime($6||0,$5||0,$4||0,$3,$2-1,$1-1900,0,0,-1);
         /^now$/ && return time;
-- 
1.8.1.5