pkgsrc/sysutils/webmin/patches/patch-am

$NetBSD: patch-am,v 1.2 2020/09/07 10:34:52 mef Exp $

Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).

--- mysql/search_form.cgi.orig	2007-09-21 23:26:42.000000000 +0200
+++ mysql/search_form.cgi
@@ -12,7 +12,8 @@ require './view-lib.pl';
 &can_edit_db($in{'db'}) || &error($text{'dbase_ecannot'});
 @str = &table_structure($in{'db'}, $in{'table'});
 
-$desc = &text('table_header', "<tt>$in{'table'}</tt>", "<tt>$in{'db'}</tt>");
+$desc = &text('table_header', "<tt>" . &html_escape($in{'table'}) .
+	"</tt>", "<tt>" . &html_escape($in{'db'}) . "</tt>");
 &ui_print_header($desc, $text{'adv_title'}, "");
 
 print &ui_form_start("view_table.cgi", "post");
@@ -36,13 +37,13 @@ print "</table>\n";
 print &ui_form_end([ [ "advanced", $text{'adv_ok'} ] ]);
 
 if ($access{'edonly'}) {
-	&ui_print_footer("edit_dbase.cgi?db=$in{'db'}",$text{'dbase_return'},
-		"", $text{'index_return'});
+	&ui_print_footer("edit_dbase.cgi?db=" . &urlize($in{'db'}),
+		$text{'dbase_return'}, "", $text{'index_return'});
 	}
 else {
-	&ui_print_footer("edit_table.cgi?db=$in{'db'}&table=$in{'table'}",
-		$text{'table_return'},
-		"edit_dbase.cgi?db=$in{'db'}", $text{'dbase_return'},
-		"", $text{'index_return'});
+	&ui_print_footer("edit_table.cgi?db=" . &urlize($in{'db'}) .
+		"&table=" . &urlize($in{'table'}), $text{'table_return'},
+		"edit_dbase.cgi?db=" .  &urlize($in{'db'}),
+		$text{'dbase_return'}, "", $text{'index_return'});
 	}