Tags: patch I have no idea why, but that report got pretty mangled. Attached is a cleaner copy of the same patch, I hope. :)
-- Kees Cook @outflux.net
diff -u torrentflux-2.1/debian/patches/00list torrentflux-2.1/debian/patches/00list
--- torrentflux-2.1/debian/patches/00list
+++ torrentflux-2.1/debian/patches/00list
@@ -4,0 +5 @@
+05_sanitize_html_entities.dpatch
only in patch2: unchanged:
--- torrentflux-2.1.orig/debian/patches/05_sanitize_html_entities.dpatch
+++ torrentflux-2.1/debian/patches/05_sanitize_html_entities.dpatch
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 05_sanitize_html_entities.dpatch by Kees Cook <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: http://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability/
+ [EMAIL PROTECTED]@
+diff -urNad torrentflux-2.1~/html/admin.php torrentflux-2.1/html/admin.php
+--- torrentflux-2.1~/html/admin.php 2006-04-05 21:30:09.000000000 -0700
++++ torrentflux-2.1/html/admin.php 2006-10-11 14:47:45.938332988 -0700
+@@ -322,7 +322,7 @@
+ $user_icon = "images/user.gif";
+ }
+
+- $ip_info = $ip_resolved."<br>".$user_agent;
++ $ip_info = htmlentities($ip_resolved)."<br>".htmlentities($user_agent);
+
+ $output .= "<tr>";
+ if (IsUser($user_id))
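Review bot: Both `htmlentities()` calls in the admin.php hunk rely on the default quote style and charset, so single quotes are left unencoded and the result depends on PHP's default encoding. That is sufficient for the element-content position used here, but not if `$ip_info` is ever reused inside an attribute; I would make it explicit with `htmlentities($user_agent, ENT_QUOTES, 'UTF-8')` and the same for `$ip_resolved`, using whatever charset the page actually declares. The change encodes at this one output site only. The hunk does not show where the user agent and resolved host name are stored or whether other pages print them, so any other render path presumably needs the same encoding and is worth checking. The enclosing function starts and ends outside the hunk, and the dpatch header declares 26 lines of which fewer are visible here, so anything beyond the admin.php hunk is not covered by this note.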