diff options
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | NEWS | 6 | ||||
| -rw-r--r-- | file.c | 6 | ||||
| -rw-r--r-- | version.c.in | 4 |
4 files changed, 22 insertions, 6 deletions
@@ -1,3 +1,13 @@ +2002-12-06 Fumitoshi UKAI <ukai@debian.or.jp> + + * version.c.in: w3m/0.3.2.2+cvs + * NEWS: 0.3.2.2 + +2002-12-06 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> + + * security fix + * file.c (process_img): html_quote() + 2002-12-06 Takahashi Youichirou <nikuq@hk.airnet.ne.jp> * [w3m-dev 03530] save history @@ -5542,4 +5552,4 @@ a * [w3m-dev 03276] compile error on EWS4800 * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.595 2002/12/05 16:34:33 ukai Exp $ +$Id: ChangeLog,v 1.596 2002/12/06 03:40:45 ukai Exp $ @@ -29,6 +29,12 @@ w3m 0.3.3 or 0.4? ---------------------------------------------------------------- +w3m 0.3.2.2 - 2002-12-06 + +* security fix: html_quote for img alt attributes + +---------------------------------------------------------------- + w3m 0.3.2.1 - 2002-11-27 * security fix: html_quote for frame contents @@ -1,4 +1,4 @@ -/* $Id: file.c,v 1.147 2002/12/05 16:33:06 ukai Exp $ */ +/* $Id: file.c,v 1.148 2002/12/06 03:40:45 ukai Exp $ */ #include "fm.h" #include <sys/types.h> #include "myctype.h" @@ -3139,11 +3139,11 @@ process_img(struct parsed_tag *tag, int width) Strcat_charp(tmp, html_quote(Strnew_charp_n(q, nw)->ptr)); } else - Strcat_charp(tmp, q); + Strcat_charp(tmp, html_quote(q)); } else #endif - Strcat_charp(tmp, q); + Strcat_charp(tmp, html_quote(q)); goto img_end; } if (w > 0 && i > 0) { diff --git a/version.c.in b/version.c.in index ddac040..e60ae4b 100644 --- a/version.c.in +++ b/version.c.in @@ -1,5 +1,5 @@ -/* $Id: version.c.in,v 1.27 2002/11/27 03:01:25 ukai Exp $ */ -#define CURRENT_VERSION "w3m/0.3.2.1+cvs" +/* $Id: version.c.in,v 1.28 2002/12/06 03:40:45 ukai Exp $ */ +#define CURRENT_VERSION "w3m/0.3.2.2+cvs" #ifndef FM_H char *w3m_version = CURRENT_VERSION; |