* Fix a few bugs around page titles containing html. The worst of these
is an actual security hole as it allows insertion of html into the title element of a page, which is not processed by the htmlscrubber.

master
parent 9bf29d60b2
commit 1c65ca4922
@ -1,4 +1,4 @@
ikiwiki (1.46) UNRELEASED; urgency=low
ikiwiki (1.46) unstable; urgency=low

* Fix a bug with inlined create page links, including Discussion links on
blog post pages. The links will now create pages relative to the page that
@ -12,8 +12,11 @@ ikiwiki (1.46) UNRELEASED; urgency=low
same time, and let the second person resolve the conflict.
* Applied a patch from Michał to make the mercurial backend pass --quiet to
hg.
* Fix a few bugs around page titles containing html. The worst of these
is an actual security hole as it allows insertion of html into the title
element of a page, which is not processed by the htmlscrubber.

-- Joey Hess <joeyh@debian.org> Sun, 18 Mar 2007 18:22:12 -0400
-- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 01:51:30 -0400

ikiwiki (1.45) unstable; urgency=low

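Review bot: the changelog entry for the title fix names only "insertion of html into the title element", while the security document added in this same commit tells admins to upgrade if their wiki "allows web editing or aggregates feeds"; the changelog is often the only text a packager reads, so mention the aggregated-feed source of untrusted titles here as well, and consider naming the backported etch version (1.33.2, as the doc hunk does) so the entry stands on its own.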
@ -293,3 +293,14 @@ This hole was discovered on 10 Feb 2007 and fixed the same day with the
release of ikiwiki 1.42. A fix was also backported to Debian etch, as
version 1.33.1. I recommend upgrading to one of these versions if your wiki
allows web editing.

## html insertion via title

Missing html escaping of the title contents allowed a web-based editor to
insert arbitrary html inside the title tag of a page. Since that part of
the page is not processed by the htmlscrubber, evil html could be injected.

This hole was discovered on 21 March 2007 and fixed the same day (er, hour)
with the release of ikiwiki 1.46. A fix was also backported to Debian etch,
as version 1.33.2. I recommend upgrading to one of these versions if your
wiki allows web editing or aggregates feeds.
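Review bot: the description in this section attributes the injection to "a web-based editor" only, yet the upgrade recommendation at the end also covers wikis that aggregate feeds; if feed titles are rendered through the same unescaped template variable, state that in the description so a reader understands why aggregation alone is sufficient exposure. The description also says "inside the title tag", while the template hunks in this commit escape TITLE in inline links, the page header and the parent-link trail as well; listing those locations would make the advisory match the fix.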
@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-03-17 19:21-0400\n"
"POT-Creation-Date: 2007-03-21 01:50-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -41,17 +41,17 @@ msgstr ""
msgid "creating %s"
msgstr ""

#: ../IkiWiki/CGI.pm:481 ../IkiWiki/CGI.pm:496 ../IkiWiki/CGI.pm:518
#: ../IkiWiki/CGI.pm:562
#: ../IkiWiki/CGI.pm:481 ../IkiWiki/CGI.pm:496 ../IkiWiki/CGI.pm:507
#: ../IkiWiki/CGI.pm:533 ../IkiWiki/CGI.pm:577
#, perl-format
msgid "editing %s"
msgstr ""

#: ../IkiWiki/CGI.pm:659
#: ../IkiWiki/CGI.pm:674
msgid "You are banned."
msgstr ""

#: ../IkiWiki/CGI.pm:691
#: ../IkiWiki/CGI.pm:706
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""

@ -472,15 +472,15 @@ msgstr ""
msgid "generating wrappers.."
msgstr ""

#: ../IkiWiki/Setup/Standard.pm:71
#: ../IkiWiki/Setup/Standard.pm:72
msgid "rebuilding wiki.."
msgstr ""

#: ../IkiWiki/Setup/Standard.pm:74
#: ../IkiWiki/Setup/Standard.pm:75
msgid "refreshing wiki.."
msgstr ""

#: ../IkiWiki/Setup/Standard.pm:83
#: ../IkiWiki/Setup/Standard.pm:84
msgid "done"
msgstr ""

@ -1,5 +1,5 @@
<p>
<a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE></a><br />
<a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE ESCAPE=HTML></a><br />
<i>
Posted <TMPL_VAR CTIME>
</i>
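Review bot: on the changed line, TITLE now gets ESCAPE=HTML but the PAGEURL value in the same `href="..."` attribute is still inserted raw; if page URLs are not guaranteed attribute-safe by the code that builds them, give that variable an escape as well (HTML::Template's ESCAPE=HTML, or ESCAPE=URL for the path part), and if they are guaranteed safe, a template comment saying where that guarantee lives would stop the next reader from re-opening the question.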
@ -10,9 +10,9 @@
</TMPL_IF>
<span class="header">
<TMPL_IF NAME="PERMALINK">
<a href="<TMPL_VAR PERMALINK>"><TMPL_VAR TITLE></a>
<a href="<TMPL_VAR PERMALINK>"><TMPL_VAR TITLE ESCAPE=HTML></a>
<TMPL_ELSE>
<a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE></a>
<a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE ESCAPE=HTML></a>
</TMPL_IF>
</span>
<TMPL_VAR CONTENT>
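Review bot: both link branches now escape TITLE, but the PERMALINK branch still writes PERMALINK into the href attribute unescaped; if PERMALINK can come from the same untrusted sources as the title (the security doc in this commit names aggregated feeds alongside web editing), it needs the same treatment. Leaving CONTENT unescaped on the last line is consistent with the doc's statement that the page body, unlike the title, is processed by the htmlscrubber.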
@ -3,7 +3,7 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><TMPL_VAR TITLE></title>
<title><TMPL_VAR TITLE ESCAPE=HTML></title>
<link rel="stylesheet" href="<TMPL_VAR BASEURL>style.css" type="text/css" />
<link rel="stylesheet" href="<TMPL_VAR BASEURL>local.css" type="text/css" />
<TMPL_IF NAME="FAVICON">
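Review bot: this is the line the changelog calls the actual security hole, and the fix is a one-token change that is easy to lose in a later template edit; add a regression test that renders a page whose title contains `<`, `>` and `&` and asserts the generated `<title>` holds only entity-encoded text, so the escape cannot silently disappear from this or the other TITLE sites touched in this commit.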
@ -19,7 +19,7 @@
<TMPL_LOOP NAME="PARENTLINKS">
<a href="<TMPL_VAR NAME=URL>"><TMPL_VAR NAME=PAGE></a>/
</TMPL_LOOP>
<TMPL_VAR TITLE>
<TMPL_VAR TITLE ESCAPE=HTML>
</span>
<TMPL_IF NAME="SEARCHFORM">
<TMPL_VAR SEARCHFORM>
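Review bot: the current page's TITLE is now escaped, but the PARENTLINKS loop two lines above still emits `<TMPL_VAR NAME=PAGE>` and `<TMPL_VAR NAME=URL>` raw; if a parent's displayed name or URL can contain the same characters a title can, escape them here too, otherwise note in the template that page names are restricted before they reach it so the asymmetry is visibly intentional.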
@ -1 +1 @@
<p><a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE></a></p>
<p><a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE ESCAPE=HTML></a></p>