www-commits

www/server select-language.html body-include-1....


From: Pavel Kharitonov
Subject: www/server select-language.html body-include-1....
Date: Thu, 15 Oct 2015 15:50:07 +0000

CVSROOT:        /web/www
Module name:    www
Changes by:     Pavel Kharitonov <ineiev>       15/10/15 15:50:07

Modified files:
        server         : select-language.html body-include-1.html 

Log message:
        Sanitize URLs RT #1032396.

CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/server/select-language.html?cvsroot=www&r1=1.7&r2=1.8
http://web.cvs.savannah.gnu.org/viewcvs/www/server/body-include-1.html?cvsroot=www&r1=1.14&r2=1.15

Patches:
Index: select-language.html
===================================================================
RCS file: /web/www/www/server/select-language.html,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -b -r1.7 -r1.8
--- select-language.html        17 Sep 2015 15:13:25 -0000      1.7
+++ select-language.html        15 Oct 2015 15:50:06 -0000      1.8
@@ -13,7 +13,7 @@
 you can reset it with the first option in this list, and your browser
 will reset it at the end of your session.</p>
 
-<!--#if expr=";$QUERY_STRING; = /;callback=([^;]+);/" -->
+<!--#if expr=";$QUERY_STRING; = /^[^<>]*;callback=([^;<>]+);[^<>]*$/" -->
 <!--#set var="callback" value="$1" -->
 <!--#else -->
 <!--#set var="callback" value="/home.html" -->
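Review bot: the capture class `[^;<>]+` in the new `#if expr` still admits `"`, `'`, `:` and a leading `//`, so the value stored in `callback` is not restricted to a site-local path like the `/home.html` default. How `callback` is used later is not visible in this hunk; if it is written into an attribute or used as a link target, tighten the capture to an allow-list (a single leading `/` followed by path characters only) and add a comment stating which characters are excluded and why.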
@@ -368,7 +368,7 @@
 
 <p class="unprintable">Updated:
 <!-- timestamp start -->
-$Date: 2015/09/17 15:13:25 $
+$Date: 2015/10/15 15:50:06 $
 <!-- timestamp end -->
 </p>
 </div>

Index: body-include-1.html
===================================================================
RCS file: /web/www/www/server/body-include-1.html,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -b -r1.14 -r1.15
--- body-include-1.html 13 May 2015 13:32:05 -0000      1.14
+++ body-include-1.html 15 Oct 2015 15:50:06 -0000      1.15
@@ -1,7 +1,11 @@
 <!-- start of server/body-include-1.html -->
 <!--#set var="HTML_BODY" value="yes" -->
+<!--#set var="cb" value="$REQUEST_URI" -->
+<!--#if expr="$cb = /^([^?]*)[?]/" -->
+<!--#set var="cb" value="$1" -->
+<!--#endif -->
 <!--#set var="language_selector"
-  value='<a href="/server/select-language.html?callback=$REQUEST_URI" 
rel="nofollow">' -->
+ value='<a href="/server/select-language.html?callback=$cb" rel="nofollow">' 
-->
 <!--#set var="closing_anchor" value='</a>' -->
 <div id="toplinks">
  <a href="#content">Skip to main text</a>
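Review bot: in the `language_selector` value, `$cb` is interpolated into a double-quoted `href` after only the query string has been stripped by `/^([^?]*)[?]/`; the path part of `$REQUEST_URI` is not checked for `"`, `<` or `>`. The select-language.html change rejects `<` and `>` on the receiving side, but the anchor emitted here is built before that check runs, so suggest either percent-encoding `$cb` or falling back to a fixed path when it contains characters outside the expected set.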


