Fix SQL Injection vulnerability introduced by the new code in this branch. There still exist XSS vulnerabilities, but this is a first step.
Commit
ffb5a4671577ec0747d9bc7c897b0acea813bd7f9fc07d683309cdd15fdb8645
Parent
7b41c73e678ca0c…
1 file changed
+8
-4
+8
-4
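--- a/src/tktsetup.c
+++ b/src/tktsetup.c
@@ -520,14 +520,18 @@
 @ <th1>enable_output 1</th1>
 @ <tr><td class="tktDspLabel">Version Found In:</td>
 @ <td colspan="3" valign="top" class="tktDspValue">
 @ <th1>
 @ set versionlink ""
-@ query "SELECT count(*) AS match FROM tag WHERE tagname = 'sym-$foundin'" {
-@ if {$match} {set versionlink "/timeline?t=$foundin"}}
-@ query "SELECT count(*) AS match FROM blob WHERE uuid LIKE '$foundin%'" {
-@ if {$match} {set versionlink "/info/$foundin"}}
+@ query {SELECT count(*) AS match FROM tag
+@ WHERE tagname=concat('sym-',$foundin)} {
+@ if {$match} {set versionlink "/timeline?t=$foundin"}
+@ }
+@ set pattern $foundin%
+@ query {SELECT count(*) AS match FROM blob WHERE uuid GLOB $pattern} {
+@ if {$match} {set versionlink "/info/$foundin"}
+@ }
 @ if {$versionlink eq ""} {
 @ html "$foundin"
 @ } else {
 @ html "<a href=\"$versionlink\">$foundin</a>"
 @ }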
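Review bot: The rewritten blob lookup builds its pattern with `set pattern $foundin%` but matches it with `uuid GLOB $pattern`; `%` is a LIKE wildcard and has no special meaning to GLOB, so the prefix match that the old `LIKE '$foundin%'` performed would no longer succeed and the `/info/` link is unlikely ever to be chosen. Either build the pattern with the GLOB wildcard, `set pattern $foundin*`, or keep `LIKE $pattern`. Binding the value stops the SQL injection, but wildcard characters inside `$foundin` are still interpreted by GLOB/LIKE, so it is worth checking that the field looks like a hash prefix before matching. `concat()` is only available in recent SQLite releases (3.44 and later, as far as I know), so `'sym-' || $foundin` would be safer for builds against an older system library. The unchanged `html "$foundin"` lines below still emit the ticket field unescaped, which is the XSS the commit message leaves open; the surrounding TH1 template continues outside the hunk.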
| --- src/tktsetup.c | |
| +++ src/tktsetup.c | |
| @@ -520,14 +520,18 @@ | |
| 520 | @ <th1>enable_output 1</th1> |
| 521 | @ <tr><td class="tktDspLabel">Version Found In:</td> |
| 522 | @ <td colspan="3" valign="top" class="tktDspValue"> |
| 523 | @ <th1> |
| 524 | @ set versionlink "" |
| 525 | @ query "SELECT count(*) AS match FROM tag WHERE tagname = 'sym-$foundin'" { |
| 526 | @ if {$match} {set versionlink "/timeline?t=$foundin"}} |
| 527 | @ query "SELECT count(*) AS match FROM blob WHERE uuid LIKE '$foundin%'" { |
| 528 | @ if {$match} {set versionlink "/info/$foundin"}} |
| 529 | @ if {$versionlink eq ""} { |
| 530 | @ html "$foundin" |
| 531 | @ } else { |
| 532 | @ html "<a href=\"$versionlink\">$foundin</a>" |
| 533 | @ } |
| 534 |
| --- src/tktsetup.c | |
| +++ src/tktsetup.c | |
| @@ -520,14 +520,18 @@ | |
| 520 | @ <th1>enable_output 1</th1> |
| 521 | @ <tr><td class="tktDspLabel">Version Found In:</td> |
| 522 | @ <td colspan="3" valign="top" class="tktDspValue"> |
| 523 | @ <th1> |
| 524 | @ set versionlink "" |
| 525 | @ query {SELECT count(*) AS match FROM tag |
| 526 | @ WHERE tagname=concat('sym-',$foundin)} { |
| 527 | @ if {$match} {set versionlink "/timeline?t=$foundin"} |
| 528 | @ } |
| 529 | @ set pattern $foundin% |
| 530 | @ query {SELECT count(*) AS match FROM blob WHERE uuid GLOB $pattern} { |
| 531 | @ if {$match} {set versionlink "/info/$foundin"} |
| 532 | @ } |
| 533 | @ if {$versionlink eq ""} { |
| 534 | @ html "$foundin" |
| 535 | @ } else { |
| 536 | @ html "<a href=\"$versionlink\">$foundin</a>" |
| 537 | @ } |
| 538 |