Do not allow links with "../" substring or <tt>'<'</tt> character. The former enforces that the link maps into a repo-local page; the latter enforces defense against injection of malicious HTML elements.
Commit
6261c94b1e5059d681180cf37a2d82886b0446b72748896993c2643dd1e207f1
Parent
f445855917422ec…
1 file changed
+8
-1
+8
-1
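--- a/src/style.c
+++ b/src/style.c
@@ -393,12 +393,19 @@
     /* require the first path segment to be unfancy ASCII string */
     for( z = zV; z[0] && z[0] != '/' ;){
       if( fossil_isalnum(z[0]) || z[0]=='_' || z[0]=='-' ) z++;
       else break;
     }
-    if( z[0] != 0 && z[0] != '/' )
+    if( z[0] == '/' ){
+      /* values may not contain "../" or "<" */
+      if( strstr(z,"../")!=NULL || strstr(z,"<")!=NULL ){
+        continue;
+      }
+    }
+    else if( z[0] != 0 )
       continue;
+
     assert( nSubmenu < count(aSubmenu) );
     if(fossil_islower(zV[0]) && z[0]=='/'){
       aSubmenu[nSubmenu].zLabel = mprintf( "%s",zV); /* memory leak? */
     }else{
       /* prepend a label with an unobtrusive symbol that "sorts-last";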
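Review bot: The `strstr(z,"../")` test on the added line at new 400 does not catch a parent-directory reference at the very end of the value, because a trailing `..` has no slash after it; a value such as `name/..` passes the check yet still resolves one level up. Cover that form as well, e.g. `size_t n = strlen(z);` before the test and `if( strstr(z,"../")!=NULL || strstr(z,"<")!=NULL || (n>=3 && strcmp(z+n-3,"/..")==0) ){`, and if the value is URL-decoded anywhere downstream a percent-encoded `..` would also need to be considered, which is not visible here. The single-character `<` denylist likewise leaves `"`, `'` and `&` untouched; whether that matters depends on how `zV`/`zLabel` is later rendered into the page (outside the hunk) — if it is interpolated into an attribute without an escaping format, rejecting on an allowlist of path characters would be more robust than enumerating bad ones. The `else if( z[0] != 0 )` branch at new 404 is unbraced while its sibling is braced; bracing both keeps the two exits of this check uniform. The enclosing loop begins before the hunk.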
| --- src/style.c | |
| +++ src/style.c | |
| @@ -393,12 +393,19 @@ | |
| 393 | /* require the first path segment to be unfancy ASCII string */ |
| 394 | for( z = zV; z[0] && z[0] != '/' ;){ |
| 395 | if( fossil_isalnum(z[0]) || z[0]=='_' || z[0]=='-' ) z++; |
| 396 | else break; |
| 397 | } |
| 398 | if( z[0] != 0 && z[0] != '/' ) |
| 399 | continue; |
| 400 | assert( nSubmenu < count(aSubmenu) ); |
| 401 | if(fossil_islower(zV[0]) && z[0]=='/'){ |
| 402 | aSubmenu[nSubmenu].zLabel = mprintf( "%s",zV); /* memory leak? */ |
| 403 | }else{ |
| 404 | /* prepend a label with an unobtrusive symbol that "sorts-last"; |
| 405 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -393,12 +393,19 @@ | |
| 393 | /* require the first path segment to be unfancy ASCII string */ |
| 394 | for( z = zV; z[0] && z[0] != '/' ;){ |
| 395 | if( fossil_isalnum(z[0]) || z[0]=='_' || z[0]=='-' ) z++; |
| 396 | else break; |
| 397 | } |
| 398 | if( z[0] == '/' ){ |
| 399 | /* values may not contain "../" or "<" */ |
| 400 | if( strstr(z,"../")!=NULL || strstr(z,"<")!=NULL ){ |
| 401 | continue; |
| 402 | } |
| 403 | } |
| 404 | else if( z[0] != 0 ) |
| 405 | continue; |
| 406 | |
| 407 | assert( nSubmenu < count(aSubmenu) ); |
| 408 | if(fossil_islower(zV[0]) && z[0]=='/'){ |
| 409 | aSubmenu[nSubmenu].zLabel = mprintf( "%s",zV); /* memory leak? */ |
| 410 | }else{ |
| 411 | /* prepend a label with an unobtrusive symbol that "sorts-last"; |
| 412 |