On Sat, Mar 16, 2013 at 10:47:54PM +0100, Salvatore Bonaccorso wrote: > Hmm, this will quite sure not be approved. And Jonathan Wiltshire > already commented there. A new upstream version at this stage of the > freeze is not acceptable. But how about the attached patch for > unstable?
... which I have forgotten to attach. Regards, Salvatore
--- a/lib/Smokeping.pm
+++ b/lib/Smokeping.pm
@@ -170,7 +170,7 @@
 my $hierarchy = '';
 my $h = $q->param('hierarchy');
 if ($q->param('hierarchy')){
- $h =~ s/[<>&%]/./g;
+ $h =~ s/[<>%&'";]/./g;
 $hierarchy = 'hierarchy='.$h.';';
 };
 return $hierarchy;
@@ -212,7 +212,7 @@
 my $address = $ENV{REMOTE_ADDR};
 my $targetptr = $cfg->{Targets};
 foreach my $step (@target){
- $step =~ s/[<>&%]/./g;
+ $step =~ s/[<>%&'";]/./g;
 return "Error: Unknown target $step"
 unless defined $targetptr->{$step};
 $targetptr = $targetptr->{$step};
@@ -1047,7 +1047,7 @@
 my $tree = shift;
 my $open = shift;
 my $mode = shift || $q->param('displaymode') || 's';
- $mode =~ s/[<>&%]/./g;
+ $mode =~ s/[<>%&'";]/./g;
 my $phys_tree = $tree;
 my $phys_open = $open;
 if ($tree->{__tree_link}){
@@ -1447,7 +1447,7 @@
 $startstr =~ s/\s/%20/g;
 $endstr =~ s/\s/%20/g;
 my $t = $q->param('target');
- $t =~ s/[<>&%]/./g;
+ $t =~ s/[<>%&'";]/./g;
 for my $slave (@slaves){
 my $s = $slave ? "~$slave" : "";
 $page .= "<div>";
@@ -1601,7 +1601,7 @@
 my $t = $q->param('target');
 if ( $t and $t !~ /\.\./ and $t =~ /(\S+)/){
 $targ = $1;
- $targ =~ s/[<>;%]/./g;
+ $targ =~ s/[<>%&'";]/./g;
 }
 my ($path,$slave) = split(/~/,$targ);
 if ($slave and $slave =~ /(\S+)/){
@@ -1610,7 +1610,7 @@
 $slave = $1;
 }
 my $hierarchy = $q->param('hierarchy');
- $hierarchy =~ s/[<>;%]/./g;
+ $hierarchy =~ s/[<>%&'";]/./g;
 die "ERROR: unknown hierarchy $hierarchy\n"
 if $hierarchy and not $cfg->{Presentation}{hierarchies}{$hierarchy};
 my $open = [ (split /\./,$path||'') ];
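Review bot: The substitution in the `@@ -170` hunk is still a deny-list, and `$h` goes straight into a query-string fragment (`'hierarchy='.$h.';'`) that is presumably written into a link elsewhere. A deny-list has to anticipate every output context; if `$cfg` is reachable in this sub, the value could instead be accepted only when it names a configured hierarchy, as the `@@ -1610` hunk does with `$cfg->{Presentation}{hierarchies}{$hierarchy}`, or be encoded for the URL and HTML context at the point where it is emitted. The same character class is now copied six times (also in `@@ -212`, `@@ -1047`, `@@ -1447`, `@@ -1601` and `@@ -1610`), and the removed lines show the copies had already drifted apart (`[<>&%]` versus `[<>;%]`). A single file-level `my $UNSAFE_CHARS = qr/[<>%&'";]/;` applied as `s/$UNSAFE_CHARS/./g` would keep them in step. The enclosing sub starts and ends outside the hunk.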
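Review bot: In the `@@ -212` hunk `$step` is rewritten before it is used as the key in `$targetptr->{$step}`, so the lookup runs on the altered name and the filter's only remaining job is to protect the error string. Looking up the original value and escaping only where it is echoed would separate the two concerns, for example `return "Error: Unknown target ".escapeHTML($step)`, assuming CGI's `escapeHTML` is imported in this file and the message is rendered as HTML; neither is visible here. `$step` also aliases the element of `@target`, so the substitution modifies the array in place, which deserves a comment such as `# NOTE: rewrites @target in place` if it is intended. The loop body continues past the end of the hunk.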
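Review bot: `$t` in the `@@ -1447` hunk comes straight from `$q->param('target')` and is substituted without a definedness check, so a request that omits `target` produces an uninitialized-value warning if warnings are enabled. `$hierarchy` in the `@@ -1610` hunk has the same shape, where the `if $hierarchy` guard covers only the following `die`. `$t =~ s/[<>%&'";]/./g if defined $t;` (and the same for `$hierarchy`) avoids it. How `$t` is used inside the `for my $slave` loop lies outside the hunk, so whether replacing these characters is sufficient for that output context cannot be judged from the lines shown.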