From 2476177ea7cfb7a14b92e5142502a6211a07a0f5 Mon Sep 17 00:00:00 2001 From: Jason Gochanour Date: Thu, 26 May 2016 11:40:25 -0600 Subject: [PATCH] Fixed XSS vulnerability with show_change_pwd_page and fixed an infinite loop in 'threaded' mode. --- src/elogd.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/elogd.c b/src/elogd.c index 5ae6d3b2..47510756 100755 --- a/src/elogd.c +++ b/src/elogd.c @@ -9005,8 +9005,10 @@ void show_change_pwd_page(LOGBOOK * lbs) rsprintf(""); if (wrong_pwd == 1) { - if (error_str[0]) - rsprintf("\n", error_str); + if (error_str[0]) { + strencode2(str, error_str, sizeof(str)); + rsprintf("\n", str); + } else rsprintf("\n", loc("Wrong password")); } @@ -9015,8 +9017,10 @@ void show_change_pwd_page(LOGBOOK * lbs) rsprintf("\n", loc("New passwords do not match, please retype")); - if (wrong_pwd == 3) - rsprintf("\n", error_str); + if (wrong_pwd == 3) { + strencode2(str, error_str, sizeof(str)); + rsprintf("\n", str); + } rsprintf("
%s!
%s!
%s!
%s!
%s!
%s!
\n"); @@ -20733,7 +20737,8 @@ void show_elog_list(LOGBOOK * lbs, int past_n, int last_n, int page_n, BOOL defa if (i == *msg_list[index].lbs->n_el_index) break; - in_reply_to_id = msg_list[index].lbs->el_index[i].in_reply_to; + //in_reply_to_id = msg_list[index].lbs->el_index[i].in_reply_to; + in_reply_to_id = 0; } while (in_reply_to_id); @@ -21102,8 +21107,9 @@ void show_elog_list(LOGBOOK * lbs, int past_n, int last_n, int page_n, BOOL defa rsprintf("\n"); if (isparam("last")) { - rsprintf("", loc("Restrict seach to last")); - rsprintf("", getparam("last"), loc("days")); + rsprintf("", loc("Restrict search to last")); + strencode2(str, getparam("last"), sizeof(str)); + rsprintf("", str, loc("days")); } if (isparam("ma") || isparam("ya") || isparam("da") || isparam("ha") || isparam("na")
%s:%s %s
%s:%s %s