This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository fateserver.
commit f48422990bd6780ab59967e3aeb5c1491031719f Author: Nicolas George <[email protected]> AuthorDate: Thu Mar 12 14:00:24 2026 +0100 Commit: Nicolas George <[email protected]> CommitDate: Thu Mar 12 14:00:24 2026 +0100 index: escape parameters passed through to a link Avoid code injection in crafted links. --- index.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.cgi b/index.cgi index e0d7da0..8c690d1 100755 --- a/index.cgi +++ b/index.cgi @@ -110,7 +110,7 @@ sub lsort { for my $thisparam (param) { next if $thisparam =~ 'sort'; $params .= '&' if $params ne ''; - $params .= "$thisparam=" . param($thisparam); + $params .= "$thisparam=" . uri_escape(param($thisparam)); } $params .= '&' if $params; my ($text, $key) = @_; @@ -144,7 +144,7 @@ sub category { for my $thisparam (param) { next if $thisparam eq 'query'; $params .= '&' if $params ne ''; - $params .= "$thisparam=" . param($thisparam); + $params .= "$thisparam=" . uri_escape(param($thisparam)); } my $head = ($params ? '&' : '') . 'query='; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
