CVS log for mandoc/man.cgi.8

[BACK] Up to [cvsweb.bsd.lv] / mandoc

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: VERSION_1_13_1


Revision 1.9 / (download) - annotate - [select for diffs], Tue Jul 22 18:14:13 2014 UTC (9 years, 8 months ago) by schwarze
Branch: MAIN
CVS Tags: VERSION_1_13_1
Changes since 1.8: +40 -2 lines
Diff to previous 1.8 (unified)

Security fix to prevent XSS attacks:
Restrict the character set of strings passed into html_alloc(),
in particular architecture names that come from the QUERY_STRING,
but also SCRIPT_NAME and manpath.conf content for additional safety,
and bail out safely on violations.
Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb