This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository fateserver.
commit 21e9116be9e18cbfdc24de14b3b99c10ab8f59a3
Author: Nicolas George <[email protected]>
AuthorDate: Thu Mar 12 14:01:18 2026 +0100
Commit: Nicolas George <[email protected]>
CommitDate: Thu Mar 12 14:01:18 2026 +0100
 index: ignore invalid parameter names
 Avoid code injection in crafted links.
---
 index.cgi | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/index.cgi b/index.cgi
index 8c690d1..04b6cbd 100755
--- a/index.cgi
+++ b/index.cgi
@@ -108,6 +108,7 @@ sub repcmp {
 sub lsort {
 my $params = '';
 for my $thisparam (param) {
+ next if $thisparam =~ /[^a-z0-9_]/;
 next if $thisparam =~ 'sort';
 $params .= '&' if $params ne '';
 $params .= "$thisparam=" . uri_escape(param($thisparam));
@@ -142,6 +143,7 @@ sub category {
 # $params will contain parameters else than query, if any, in HTTP format.
 my $params = '';
 for my $thisparam (param) {
+ next if $thisparam =~ /[^a-z0-9_]/;
 next if $thisparam eq 'query';
 $params .= '&' if $params ne '';
 $params .= "$thisparam=" . uri_escape(param($thisparam));
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
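Review bot: The new allow-list covers the parameter name, but the value side of the context line `$params .= "$thisparam=" . uri_escape(param($thisparam));` is still open, because `param` is called in list context there. A parameter that occurs more than once in the request would hand several arguments to `uri_escape`; if this is URI::Escape's function, the second argument replaces the set of characters that get escaped, so the escaping this commit relies on is no longer guaranteed. Forcing one value with `uri_escape(scalar param($thisparam))` closes that. The same line appears in the second hunk (`category`), and both function bodies continue outside the hunks shown.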
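Review bot: The comment at the top of the `category` hunk is no longer accurate: it says `$params` holds the parameters other than `query`, but the added `next` also drops every name containing a character outside `[a-z0-9_]`. I would reword it along the lines of `# $params holds the parameters other than query, in HTTP format; names are emitted unescaped, so any name with a character outside [a-z0-9_] is skipped.` The identical filter in `lsort` (first hunk) has no comment at all and would benefit from the same one-line explanation, so the reason for the check stays next to it. `category` continues past the end of the hunk.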
