New security feature: Reject any query parameter, POST parameter, or cookie whose name contains a non-alphanumeric character.
Commit
be5d83f93ac66f6553a874704dd2f6c439cf6aa7b78f29d0fa591177399ca233
Parent
d470fc70d661aa1…
2 files changed
+8
+1
-1
+8
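--- a/src/blob.c
+++ b/src/blob.c
@@ -114,10 +114,18 @@
 return (c>='a' && c<='z') || (c>='A' && c<='Z');
 }
 int fossil_isalnum(char c){
 return (c>='a' && c<='z') || (c>='A' && c<='Z') || (c>='0' && c<='9');
 }
+
+/* Return true if and only if the entire string consists of only
+** alphanumeric characters.
+*/
+int fossil_all_alnum(const char *z){
+while( z && fossil_isalnum(z[0]) ) z++;
+return z[0]==0;
+}
 
 
 /*
 ** COMMAND: test-isspace
 **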
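Review bot: The `z &&` guard in the new `fossil_all_alnum` loop does not protect the return statement: a NULL `z` makes the loop condition false immediately and then `z[0]==0` dereferences NULL, so the guard only hides the crash one line later. Either drop the pretence of NULL-safety or make it real, e.g. `if( z==0 ) return 0;` before the loop and `while( fossil_isalnum(z[0]) ) z++;` as the loop itself. Note also that the empty string returns true, which is what the cgi.c caller (`zName+1` on a one-character name) relies on, so the comment should say so: `** The empty string counts as all-alphanumeric.` Because `fossil_isalnum` takes a plain `char`, bytes with the high bit set compare as negative and are rejected, which is the intended result here but worth a one-line comment since it depends on the signedness of `char`.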
+1
-1
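--- a/src/cgi.c
+++ b/src/cgi.c
@@ -585,11 +585,11 @@
 dehttpize(zValue);
 }else{
 if( *z ){ *z++ = 0; }
 zValue = "";
 }
-if( fossil_islower(zName[0]) ){
+if( fossil_islower(zName[0]) && fossil_all_alnum(zName+1) ){
 cgi_set_parameter_nocopy(zName, zValue, isQP);
 }
 #ifdef FOSSIL_ENABLE_JSON
 json_setenv( zName, cson_value_new_string(zValue,strlen(zValue)) );
 #endif /* FOSSIL_ENABLE_JSON */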
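Review bot: The new name filter only gates `cgi_set_parameter_nocopy`; the `json_setenv( zName, ... )` call under `FOSSIL_ENABLE_JSON` two lines later still receives every name unconditionally, so a name with non-alphanumeric characters is rejected from the CGI parameter table but still lands in the JSON environment. If the intent is to reject such parameters outright, move the `#ifdef FOSSIL_ENABLE_JSON` block inside the `if( fossil_islower(zName[0]) && fossil_all_alnum(zName+1) ){ ... }` body, or skip to the next parameter when the check fails. The rejection is also silent, which is presumably deliberate, but a comment such as `/* Names with non-alphanumeric characters are dropped, not errored */` would make that explicit for whoever next debugs a missing parameter. Any existing parameter or cookie name containing `_` or `-` is now dropped as well; I cannot see the callers from here, so that is worth confirming against the names passed to P()/PD() elsewhere. The enclosing function begins and ends outside this hunk.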