From 01949bc965a93a28f0b3cbc6cfbf76dc9d0367bb Mon Sep 17 00:00:00 2001 From: Fumitoshi UKAI Date: Tue, 26 Nov 2002 07:11:22 +0000 Subject: w3m 0.3.2 branch: security fix * frame.c (createFrameFile): html_quote() From: Hironori SAKAMOTO --- ChangeLog | 7 ++++++- frame.c | 19 ++++++++++--------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 43a952d..fe796c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2002-11-26 Hironori SAKAMOTO + + * w3m 0.3.2 branch: security fix + * frame.c (createFrameFile): html_quote() + 2002-11-16 Hironori SAKAMOTO * w3m 0.3.2 branch: backport from trunk @@ -4121,4 +4126,4 @@ a * [w3m-dev 03276] compile error on EWS4800 * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.467.4.2 2002/11/26 07:10:18 ukai Exp $ +$Id: ChangeLog,v 1.467.4.3 2002/11/26 07:11:22 ukai Exp $ diff --git a/frame.c b/frame.c index 7337b18..5476588 100644 --- a/frame.c +++ b/frame.c @@ -1,4 +1,4 @@ -/* $Id: frame.c,v 1.17 2002/11/05 15:56:13 ukai Exp $ */ +/* $Id: frame.c,v 1.16.4.1 2002/11/26 07:11:22 ukai Exp $ */ #include "fm.h" #include "parsetagx.h" #include "myctype.h" @@ -519,14 +519,15 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, frame.body->attr = F_UNLOADED; if (frame.body->flags & FB_NO_BUFFER) fprintf(f1, "Open %s with other method", - frame.body->url); + html_quote(frame.body->url)); else if (frame.body->url) - fprintf(f1, "Can't open %s", frame.body->url); + fprintf(f1, "Can't open %s", + html_quote(frame.body->url)); else fprintf(f1, "This frame (%s) contains no src attribute", - frame.body->name ? frame.body-> - name : "(no name)"); + frame.body->name ? html_quote(frame.body->name) + : "(no name)"); break; } parseURL2(frame.body->url, &base, currentURL); 
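Review bot: In the first branch of the `@@ -519,14 +519,15 @@` hunk, `frame.body->url` is now passed to `html_quote()` without a NULL test, although the `else if (frame.body->url)` directly below shows the field can be NULL and the `name` branch guards its argument before quoting. Whether FB_NO_BUFFER can be set on a frame without a url, and how html_quote() treats a NULL argument, are not visible here, so either guard the branch with `if ((frame.body->flags & FB_NO_BUFFER) && frame.body->url)` or state the invariant in a comment. A short comment above the three fprintf calls would also record why the quoting is there: `/* url and name are taken from the frameset markup; quote them before writing into the generated frame file */`. createFrameFile starts and ends outside the hunk.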
@@ -620,7 +621,7 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, /* prohibit_tags */ Strshrinkfirst(tok, 1); Strshrink(tok, 1); - fprintf(f1, "", tok->ptr); + fprintf(f1, "", html_quote(tok->ptr)); goto token_end; case HTML_TABLE: t_stack++; @@ -633,7 +634,7 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, Strshrink(tok, 1); fprintf(f1, "", - tok->ptr); + html_quote(tok->ptr)); goto token_end; } break; @@ -653,7 +654,8 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, if (!t_stack) { Strshrinkfirst(tok, 1); Strshrink(tok, 1); - fprintf(f1, "", tok->ptr); + fprintf(f1, "", + html_quote(tok->ptr)); goto token_end; } @@ -790,7 +792,6 @@ renderFrame(Buffer *Cbuf, int force_reload) buf->document_code = Cbuf->document_code; #endif copyParsedURL(&buf->currentURL, &Cbuf->currentURL); - preFormUpdateBuffer(buf); return buf; } -- cgit v1.2.3
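Review bot: The strip-and-quote sequence `Strshrinkfirst(tok, 1); Strshrink(tok, 1); fprintf(f1, ..., html_quote(tok->ptr));` is now written by hand at three sites in createFrameFile (this hunk and the ones headed `@@ -633,7 +634,7 @@` and `@@ -653,7 +654,8 @@`), so the escaping depends on every later echo site remembering it. A small static helper that strips the delimiters and returns the quoted text would keep the quoting in one place; a sketch follows. The format strings render as empty on this page, so the output context the token lands in cannot be confirmed from here; html_quote() fits text and quoted attribute values, and the helper should carry a comment if the context is anything else. createFrameFile's body lies outside these hunks.

```c
/* tok holds a tag taken from the frame document: drop its first and last
 * character and return the rest quoted, so it is echoed as inert text. */
static char *
quoted_tag_body(Str tok)
{
    Strshrinkfirst(tok, 1);
    Strshrink(tok, 1);
    return html_quote(tok->ptr);
}

/* … unchanged: each call site keeps its own format string and passes
 *   quoted_tag_body(tok) as the argument … */
```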