On 2013-03-16, Steven Chamberlain wrote:
> Another difference is that upstream 2.6.9 used a replacement character
> of underscore rather than a dot. Attached is my suggested revision of
> Salvatore's patch (also adds filtering of time specifiers).
>
> I've tested this on an existing wheezy/sid SmokePing installation; it
> stops the injection of quotes into the <img> tag I demonstrated before.
> It also prevents those characters from being used in graph filenames in
> the cache directory. I've tried some valid time specifiers and they are
> still working.

Alright, I pushed this patch as 2.6.8-2, thanks! I have also requested a freeze exception for that upload. Hopefully that will be enough for now. :)

A.

-- 
Premature optimization is the root of all evil
- Donald Knuth