389-dsgw

Clone
Source Code
GIT

6440839 1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd on in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.

Authored and Committed by rmeggins 16 years ago
raw patch tree parent
38 files changed. 159 lines added. 36 lines removed.
config/display-dnedit.html.in
file modified
+1 -1
config/display-dneditpeople.html.in
file modified
+1 -1
dbtdsgw.h
file modified
+15 -0
dnedit.c
file modified
+11 -1
domodify.c
file modified
+8 -1
dsgw.h
file modified
+3 -1
dsgwutil.c
file modified
+1 -2
edit.c
file modified
+1 -1
entrydisplay.c
file modified
+6 -9
htmlout.c
file modified
+56 -0
ldaputil.c
file modified
+2 -2
tests/csearch/testpost.1
file added
+0
tests/csearch/testpost.10
file added
+1
tests/csearch/testpost.11
file added
+1
tests/csearch/testpost.12
file added
+1
tests/csearch/testpost.13
file added
+1
tests/csearch/testpost.14
file added
+1
tests/csearch/testpost.15
file added
+1
tests/csearch/testpost.2
file added
+1
tests/csearch/testpost.3
file added
+1
tests/csearch/testpost.4
file added
+1
tests/csearch/testpost.5
file added
+1
tests/csearch/testpost.6
file added
+1
tests/csearch/testpost.7
file added
+1
tests/csearch/testpost.8
file added
+1
tests/csearch/testpost.9
file added
+1
tests/dnedit/testget.1
file added
+0
tests/dnedit/testget.2
file added
+1
tests/dnedit/testget.3
file added
+1
tests/domodify/testpost.10
file added
+1
tests/domodify/testpost.11
file added
+1
tests/domodify/testpost.12
file added
+1
tests/domodify/testpost.13
file added
+1
tests/domodify/testpost.14
file added
+1
tests/domodify/testpost.15
file added
+1
tests/domodify/testpost.16
file added
+14
tests/domodify/testpost.17
file added
+1
tests/setup.sh
file modified
+17 -17 
    1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd on in the client browser.  I have removed this code and put it in the resource file.  The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments.  It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
    
    2) Make the checking for the template file names stricter.
    
    3) Added many new tests.
    
    4) When removing unused or duplicate LDAP Mods, if we remove the last one, just free the entire array.
file modified
+1 -1
file modified
+1 -1
file modified
+15 -0
file modified
+11 -1
file modified
+8 -1
file modified
+3 -1
file modified
+1 -2
file modified
+1 -1
file modified
+6 -9
file modified
+56 -0
file modified
+2 -2
file added
+0
empty file added
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+0
empty file added
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+1
file added
+14
file added
+1
file modified
+17 -17
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.