head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.10
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.8
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.6
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.4
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.2
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2009Q1:1.1.0.10
	pkgsrc-2009Q1-base:1.1
	pkgsrc-2008Q4:1.1.0.8
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.6
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.4
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2009.04.09.10.15.01;	author kefren;	state dead;
branches;
next	1.1;

1.1
date	2008.07.25.02.55.27;	author tonnerre;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2008.07.25.02.55.27;	author rtr;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2008.07.25.10.06.30;	author rtr;	state Exp;
branches;
next	;


desc
@@


1.2
log
@blind update to 1.470
Changelist since 1.370 is too large to be included in this message
so please consult:

 http://www.webmin.com/changes-1.380.html
 http://www.webmin.com/changes-1.390.html
 http://www.webmin.com/changes-1.400.html
 http://www.webmin.com/changes-1.410.html
 http://www.webmin.com/changes-1.420.html
 http://www.webmin.com/changes-1.430.html
 http://www.webmin.com/changes-1.440.html
 http://www.webmin.com/changes-1.450.html
 http://www.webmin.com/changes-1.460.html
 http://www.webmin.com/changes-1.470.html
@
text
@$NetBSD: patch-at,v 1.1 2008/07/25 02:55:27 tonnerre Exp $

--- cluster-software/software/search.cgi.orig	2007-09-21 23:27:39.000000000 +0200
+++ cluster-software/software/search.cgi
@@@@ -34,9 +34,11 @@@@ if (@@match == 1 && $in{'goto'}) {
 if (@@match) {
 	@@match = sort { lc($packages{$a,'name'}) cmp lc($packages{$b,'name'}) }
 		      @@match;
-	print "<b>",&text('search_match', "<tt>$s</tt>"),"</b><p>\n";
+	print "<b>",&text('search_match', "<tt>" . &html_escape($s) . "</tt>"),
+		"</b><p>\n";
 	print "<form action=delete_packs.cgi method=post>\n";
-	print "<input type=hidden name=search value='$in{'search'}'>\n";
+	print "<input type=hidden name=search value='" .
+		&html_escape($in{'search'}) . "'>\n";
 	print &select_all_link("del", 0, $text{'search_selall'}),"&nbsp;\n";
 	print &select_invert_link("del", 0, $text{'search_invert'}),"<br>\n";
 	print &ui_columns_start([ "",
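Review bot: The hidden `search` field in this hunk is still delimited by single quotes, so the fix only holds if `html_escape` encodes `'` as well as `<`, `>`, `&` and `"`. Its definition is not part of this patch, so that should be confirmed against the Webmin version being patched. Emitting the field through the UI library this file already calls would remove the dependency on quote style, assuming the helper exists in this release: `print &ui_hidden("search", $in{'search'}),"\n";`. The two `<tt>` messages, here and in the third hunk, are element content, where `html_escape` is the right encoder. The same patch text is repeated in the 1.1.2.2 revision body further down, and the enclosing `if (@match)` block continues past this hunk.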
@@@@ -45,7 +47,8 @@@@ if (@@match) {
 				  $text{'search_desc'} ], 100);
 	foreach $i (@@match) {
 		local @@cols;
-		push(@@cols, "<a href=\"edit_pack.cgi?search=$s&package=".
+		push(@@cols, "<a href=\"edit_pack.cgi?search=" .
+			&urlize($s) . "&package=".
 		      &urlize($packages{$i,'name'})."&version=".
 		      &urlize($packages{$i,'version'})."\">".&html_escape(
 			$packages{$i,'name'}.($packages{$i,'version'} ?
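Review bot: `&urlize($s)` is the right encoder for the query-string position, but the value is handed straight back to `edit_pack.cgi`, and the hidden field in the first hunk hands it to `delete_packs.cgi`; neither script is touched by this patch file. Each of them needs to escape `search` again wherever it prints it, which may be covered by the sibling patches but cannot be confirmed from here. A short comment above the `push` would keep the two encoders from being swapped later, for example `# URL context: urlize() here, html_escape() only for visible text`. The `push` statement runs past the end of the hunk.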
@@@@ -63,7 +66,8 @@@@ if (@@match) {
 	print "<input type=submit value='$text{'search_delete'}'></form>\n";
 	}
 else {
-	print "<b>",&text('search_nomatch', "<tt>$s</tt>"),"</b><p>\n";
+	print "<b>",&text('search_nomatch', "<tt>" . &html_escape($s) .
+		"</tt>"),"</b><p>\n";
 	}
 
 &ui_print_footer("", $text{'index_return'});
@


1.1
log
@Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-at was added on branch pkgsrc-2008Q2 on 2008-07-25 10:06:30 +0000
@
text
@d1 38
@


1.1.2.2
log
@pullup ticket #2462 requested by tonnerre
webmin: patch for various security vulnerabilities

revisions pulled up:
pkgsrc/sysutils/webmin/Makefile		1.24
pkgsrc/sysutils/webmin/distinfo		1.16
pkgsrc/sysutils/webmin/patches/patch-ac	1.3
pkgsrc/sysutils/webmin/patches/patch-aj	1.1
pkgsrc/sysutils/webmin/patches/patch-ak	1.1
pkgsrc/sysutils/webmin/patches/patch-al	1.1
pkgsrc/sysutils/webmin/patches/patch-am	1.1
pkgsrc/sysutils/webmin/patches/patch-an	1.1
pkgsrc/sysutils/webmin/patches/patch-ao	1.1
pkgsrc/sysutils/webmin/patches/patch-ap	1.1
pkgsrc/sysutils/webmin/patches/patch-aq	1.1
pkgsrc/sysutils/webmin/patches/patch-ar	1.1
pkgsrc/sysutils/webmin/patches/patch-as	1.1
pkgsrc/sysutils/webmin/patches/patch-at	1.1
pkgsrc/sysutils/webmin/patches/patch-au	1.1
pkgsrc/sysutils/webmin/patches/patch-av	1.1
pkgsrc/sysutils/webmin/patches/patch-aw	1.1
pkgsrc/sysutils/webmin/patches/patch-ax	1.1
pkgsrc/sysutils/webmin/patches/patch-ay	1.1
pkgsrc/sysutils/webmin/patches/patch-az	1.1

   Module Name:	pkgsrc
   Committed By:	tonnerre
   Date:		Fri Jul 25 02:55:28 UTC 2008

   Modified Files:
   	pkgsrc/sysutils/webmin: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/webmin/patches: patch-ac patch-aj patch-ak
   patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as
   	    patch-at patch-au patch-av patch-aw patch-ax patch-ay
   patch-az

   Log Message:
   Fix various cross site scripting, arbitrary command execution and
   various other vulnerabilities in webmin (CVE-2008-0720).
@
text
@a0 38
$NetBSD: patch-at,v 1.1 2008/07/25 02:55:27 tonnerre Exp $

--- cluster-software/software/search.cgi.orig	2007-09-21 23:27:39.000000000 +0200
+++ cluster-software/software/search.cgi
@@@@ -34,9 +34,11 @@@@ if (@@match == 1 && $in{'goto'}) {
 if (@@match) {
 	@@match = sort { lc($packages{$a,'name'}) cmp lc($packages{$b,'name'}) }
 		      @@match;
-	print "<b>",&text('search_match', "<tt>$s</tt>"),"</b><p>\n";
+	print "<b>",&text('search_match', "<tt>" . &html_escape($s) . "</tt>"),
+		"</b><p>\n";
 	print "<form action=delete_packs.cgi method=post>\n";
-	print "<input type=hidden name=search value='$in{'search'}'>\n";
+	print "<input type=hidden name=search value='" .
+		&html_escape($in{'search'}) . "'>\n";
 	print &select_all_link("del", 0, $text{'search_selall'}),"&nbsp;\n";
 	print &select_invert_link("del", 0, $text{'search_invert'}),"<br>\n";
 	print &ui_columns_start([ "",
@@@@ -45,7 +47,8 @@@@ if (@@match) {
 				  $text{'search_desc'} ], 100);
 	foreach $i (@@match) {
 		local @@cols;
-		push(@@cols, "<a href=\"edit_pack.cgi?search=$s&package=".
+		push(@@cols, "<a href=\"edit_pack.cgi?search=" .
+			&urlize($s) . "&package=".
 		      &urlize($packages{$i,'name'})."&version=".
 		      &urlize($packages{$i,'version'})."\">".&html_escape(
 			$packages{$i,'name'}.($packages{$i,'version'} ?
@@@@ -63,7 +66,8 @@@@ if (@@match) {
 	print "<input type=submit value='$text{'search_delete'}'></form>\n";
 	}
 else {
-	print "<b>",&text('search_nomatch', "<tt>$s</tt>"),"</b><p>\n";
+	print "<b>",&text('search_nomatch', "<tt>" . &html_escape($s) .
+		"</tt>"),"</b><p>\n";
 	}
 
 &ui_print_footer("", $text{'index_return'});
@


