Prevents cross site scripting attack
Found-by: Pankaj Jadhav <[email protected]>
Signed-off-by: Michael Niedermayer <[email protected]>
---
index.cgi | 2 ++
1 file changed, 2 insertions(+)
diff --git a/index.cgi b/index.cgi
index 030fb52..a164d3b 100755
--- a/index.cgi
+++ b/index.cgi
@@ -32,6 +32,8 @@ use URI::Escape;
my @queries = split(/\/\//, uri_unescape param 'query') if (param 'query');
my $sort = param('sort');
+$sort =~ s/[^A-Za-z0-9 ]*//g;
+param('sort', $sort);
$sort = $sort eq 'arch' ? 'subarch': $sort;
(my $uri = $ENV{REQUEST_URI}) =~ s/\?.*//;
--
2.14.2
_______________________________________________
ffmpeg-devel mailing list
[email protected]
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
