nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-31 03:34:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #3 from calestyo/master

Browse Source 
escape version string to prevent XSS for sure
This commit is contained in:
Christoph Anton Mitterer 2013-03-20 15:47:18 -07:00
commit ba74446aa0
3 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -2,6 +2,9 @@
* Changed the end-of-line encodings of all non-Windows-related and * Changed the end-of-line encodings of all non-Windows-related and
non-autogenerated text files to use UNIX LF (lots of them had mixed non-autogenerated text files to use UNIX LF (lots of them had mixed
LF/CRLF). LF/CRLF).
* HTML escape the remotely retrieved version string printed to the HTML
in order to prevent and attacks (if this would have been possible at
all in 12 characters).
2013-03-06 Andrew McMillan <andrew@morphoss.com> 2013-03-06 Andrew McMillan <andrew@morphoss.com>
* Fix capitalisation of 'plpgsql' & 'sql' for Postgres 9.2. (debbug #702403) * Fix capitalisation of 'plpgsql' & 'sql' for Postgres 9.2. (debbug #702403)

2
debian/changelog vendored
View File

@ -1,6 +1,6 @@
davical (1.1.2-1) unstable; urgency=low davical (1.1.2-1) unstable; urgency=low
* New upstream release (closes:#702403) * New upstream release (closes:#702403, #703290)
-- Andrew McMillan <awm@debian.org> Wed, 06 Mar 2013 20:27:17 +1300 -- Andrew McMillan <awm@debian.org> Wed, 06 Mar 2013 20:27:17 +1300

2
htdocs/setup.php
View File

@ -252,7 +252,7 @@ function check_davical_version() {
$url = 'http://www.davical.org/current_davical_version?v='.$c->version_string; $url = 'http://www.davical.org/current_davical_version?v='.$c->version_string;
$version_file = @fopen($url, 'r'); $version_file = @fopen($url, 'r');
if ( ! $version_file ) return new CheckResult( false, translate("Could not retrieve") . " '$url'", 'dep_warning' ); if ( ! $version_file ) return new CheckResult( false, translate("Could not retrieve") . " '$url'", 'dep_warning' );
$current_version = trim(fread( $version_file,12)); $current_version = htmlentities( trim(fread( $version_file,12)) );
fclose($version_file); fclose($version_file);
$result = new CheckResult($c->version_string == $current_version); $result = new CheckResult($c->version_string == $current_version);
if ( ! $result->getOK() ) { if ( ! $result->getOK() ) {