1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
$NetBSD: patch-ax,v 1.2 2012/11/02 19:02:51 shattered Exp $
--- htaccess-htpasswd/search.cgi.orig 2011-04-27 00:19:02.000000000 +0200
+++ htaccess-htpasswd/search.cgi 2011-06-15 23:23:42.000000000 +0200
@@ -19,7 +19,8 @@
@dirs = &list_directories();
%got = map { ( "$_->[0]/$config{'htaccess'}", 1 ) } @dirs;
-print "<b>",&text('search_doing', "<tt>$in{'search'}</tt>"),"</b><p>\n";
+print "<b>",&text('search_doing', "<tt>" . &html_escape($in{'search'}) .
+ "</tt>"), "</b><p>\n";
# Use the find command
&switch_user();
@@ -28,10 +29,12 @@
while($f = <FIND>) {
chop($f);
if ($got{$f}) {
- print &text('search_already', "<tt>$f</tt>"),"<br>\n";
+ print &text('search_already', "<tt>" . &html_escape($f) .
+ "</tt>"),"<br>\n";
}
elsif (!open(TEST, $f)) {
- print &text('search_open', "<tt>$f</tt>", $!),"<br>\n";
+ print &text('search_open', "<tt>" . &html_escape($f) . "</tt>",
+ $!),"<br>\n";
}
else {
$conf = &foreign_call($apachemod, "get_htaccess_config", $f);
@@ -40,14 +43,16 @@
$require = &foreign_call($apachemod, "find_directive",
"require", $conf, 1);
if ($currfile && $require) {
- print &text('search_found', "<tt>$f</tt>",
- "<tt>$currfile</tt>"),"<br>\n";
+ print &text('search_found', "<tt>" . &html_escape($f) .
+ "</tt>", "<tt>" . &html_escape($currfile) .
+ "</tt>"),"<br>\n";
local $d = $f;
$d =~ s/\/$config{'htaccess'}$//;
push(@dirs, [ $d, $currfile ]);
}
else {
- print &text('search_noprot', "<tt>$f</tt>"),"<br>\n";
+ print &text('search_noprot', "<tt>" .
+ &html_escape($f) . "</tt>"),"<br>\n";
}
}
}
|
