From 3ef2526bccb00c9c02f7c435e3b0601b6f5d9e37 Mon Sep 17 00:00:00 2001
From: David Brooks
Date: Fri, 11 Jul 2014 18:37:39 +0900
Subject: [PATCH] Possible fix for JS injection issue
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I believe the problem lies in this file. I’m unable to get my box to update the file when I push it and I’m not sure why. Please test and report back.
---
 piratebox/piratebox/www/cgi-bin/psowrte.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/piratebox/piratebox/www/cgi-bin/psowrte.py b/piratebox/piratebox/www/cgi-bin/psowrte.py
index 0a9d96f..fd12cdd 100755
--- a/piratebox/piratebox/www/cgi-bin/psowrte.py
+++ b/piratebox/piratebox/www/cgi-bin/psowrte.py
@@ -11,9 +11,11 @@ print "Content-type:text/html\r\n\r\n"
 values = cgi.FieldStorage()
 if values.has_key("name"):
- name = values["name"].value
+ rawname = values["name"].value
 else:
- name = " "
+ rawname = " "
+namepass = re.sub("<", "<", rawname)
+name = re.sub(">", ">", namepass)
 if values.has_key("data"):
 rawdata = values["data"].value
 else:
@@ -23,7 +25,7 @@ data = re.sub(">", ">", datapass)
 color = values["color"].value
 curdate = datetime.datetime.now()
-process_form( name , rawdata , color )
+process_form( rawname , rawdata , color )
 print """ok"""
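Review bot: The two added `re.sub` calls for `name` cover only `<` and `>`, so `&` and `"` pass through unchanged, and a value that lands inside an attribute or next to an entity can still alter the markup. The file already uses the `cgi` module, so one call covers the full set: `name = cgi.escape(rawname, True)`. As rendered on this page the replacement strings equal the patterns (`"<"` replaced by `"<"`), presumably because the page decoded `&lt;`/`&gt;`; confirm this in the real file, since taken literally the substitution is a no-op. The existing `data` escaping shown in the second hunk's header follows the same pattern and has the same gap.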
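Review bot: The call now passes `rawname`, so the escaped `name` built in the first hunk is not used at this call site, and the same holds for `data` versus `rawdata`. process_form is defined outside the hunk; unless it reads the module-level `name` and `data` itself, the unescaped request values are what reach the output. I would pass the escaped values, `process_form( name , data , color )`, or move the escaping inside process_form so every caller is covered. `color` is also read straight from the request with no `has_key` guard and no escaping, so a missing field raises KeyError and, if the value is written into markup, it is a third injection point; check it against a fixed list of allowed values before use.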