Fix potential XSS issue with [layers] tag.
sdlime authored and rouault committed Apr 17, 2019
1 parent 423d434 commit 8b431a8
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion maptemplate.c
Expand Up @@ -3671,7 +3671,9 @@ static char *processLine(mapservObj *mapserv, char *instr, FILE *stream, int mod
strlcat(repstr, " ", sizeof(repstr));
}
msStringTrimBlanks(repstr);
outstr = msReplaceSubstring(outstr, "[layers]", repstr);
encodedstr = msEncodeHTMLEntities(repstr);
outstr = msReplaceSubstring(outstr, "[layers]", encodedstr);
free(encodedstr);

encodedstr = msEncodeUrl(repstr);
outstr = msReplaceSubstring(outstr, "[layers_esc]", encodedstr);
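
Review bot: The result of the new `encodedstr = msEncodeHTMLEntities(repstr);` call is passed to `msReplaceSubstring()` for `[layers]` without a NULL check; if the encoder can return NULL on allocation failure, test for that before the substitution and skip it or bail out. The change also alters what existing templates receive for `[layers]`: the value is now entity-encoded, which fits HTML text and quoted attribute values but not a script or URL context, so the template documentation should say so and point to `[layers_esc]` for URLs. Only maptemplate.c is touched, so a regression test that renders a template with a layer name containing markup characters and checks the encoded output would be worth adding alongside this.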
