diff options
| author | Fumitoshi UKAI <ukai@debian.or.jp> | 2001-12-21 18:33:41 +0000 |
|---|---|---|
| committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2001-12-21 18:33:41 +0000 |
| commit | 54702c4d832bdcb24f24852a96d5336e5adca75a (patch) | |
| tree | fe085dcc00e3e163a238798a9ab10c2319a1bad7 /scripts/w3mman | |
| parent | helpdir default PREFIX/share/w3m (diff) | |
| download | w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.tar.gz w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.zip | |
Security hole in multipart.cgi.in, w3mman2html.cgi.in
From: Hironori Sakamoto <h-saka@lsi.nec.co.jp>
Diffstat (limited to 'scripts/w3mman')
| -rw-r--r-- | scripts/w3mman/w3mman2html.cgi.in | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/scripts/w3mman/w3mman2html.cgi.in b/scripts/w3mman/w3mman2html.cgi.in index 68f318a..6786928 100644 --- a/scripts/w3mman/w3mman2html.cgi.in +++ b/scripts/w3mman/w3mman2html.cgi.in @@ -31,7 +31,7 @@ Content-Type: text/html <h2>man -k <b>$k</b></h2> <ul> EOF - $keyword =~ s:([^\w./]):\\$1:g; + $keyword =~ s:([^-\w\200-\377.,])::g; open(F, "$MAN -k $keyword 2> /dev/null |"); @line = (); while(<F>) { @@ -82,8 +82,8 @@ if ($man =~ s/\((\w+)\)$//) { $man_section = "$man"; } -$section =~ s:([^\w./]):\\$1:g; -$man =~ s:([^\w./]):\\$1:g; +$section =~ s:([^-\w\200-\377.,])::g; +$man =~ s:([^-\w\200-\377.,])::g; open(F, "$MAN $section $man 2> /dev/null |"); $ok = 0; undef $header; |