@@ -61,6 +61,23 @@ if ( $path_info[$#path_info] =~ /(.+)\.(.+)$/ ) { $flavour = param('flav') || $default_flavour; } +# Fix XSS in flavour name (CVE-2008-2236) +$flavour = blosxom_html_escape($flavour); + +sub blosxom_html_escape { + my $string = shift; + my %escape = ( + '<' => '&lt;', + '>' => '&gt;', + '&' => '&amp;', + '"' => '&quot;', + "'" => '&apos;' + ); + my $escape_re = join '|' => keys %escape; + $string =~ s/($escape_re)/$escape{$1}/g; + $string; +} + # Strip spurious slashes $path_info =~ s!(^/*)|(/*$)!!g; blosxom.cgi ee9f162c909a8c240f39e2ebbbc1e42477818c45 Kyo Nagashima kyo@hail2u.net http://github.com/hail2u/blosxom-starter-kit/commit/8828dfc2b69eaa5d5384c3cc25690c8a33352342 8828dfc2b69eaa5d5384c3cc25690c8a33352342 2009-03-31T08:11:40-07:00 2009-03-31T08:11:40-07:00 fix reported vulnerability (CVE-2008-2236) e5284aa6966333998bb1df374944e7090edd7807 Kyo Nagashima kyo@hail2u.net