summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Pazdziora <jpazdziora@redhat.com>2011-09-07 07:00:07 (GMT)
committerJan Pazdziora <jpazdziora@redhat.com>2011-09-16 09:26:36 (GMT)
commit890781d7ec983e32fe83af2f7c033d087292851f (patch)
tree4cbaf2f1d3b329d758662a01ba12e35427a517e1
parente0d41e73f3b263ce5211f735e39a70543949f7c1 (diff)
downloadspacewalk-890781d7ec983e32fe83af2f7c033d087292851f.zip
spacewalk-890781d7ec983e32fe83af2f7c033d087292851f.tar.gz
spacewalk-890781d7ec983e32fe83af2f7c033d087292851f.tar.xz
CVE-2011-3344, 731647 - HTML-encode the self-referencing link.
-rw-r--r--web/modules/pxt/PXT/Handlers.pm3
1 files changed, 2 insertions, 1 deletions
diff --git a/web/modules/pxt/PXT/Handlers.pm b/web/modules/pxt/PXT/Handlers.pm
index 5f5435c..b5c7845 100644
--- a/web/modules/pxt/PXT/Handlers.pm
+++ b/web/modules/pxt/PXT/Handlers.pm
@@ -21,6 +21,7 @@ use RHN::DB ();
use PXT::Config ();
use PXT::Handlers ();
use PXT::Utils ();
+use HTML::Entities ();
sub register_primary_tags {
my $class = shift;
@@ -129,7 +130,7 @@ sub pxt_passthrough_handler {
sub pxt_form_handler {
my $pxt = shift;
my %a = @_;
- $a{action} ||= $pxt->uri;
+ $a{action} ||= HTML::Entities::encode_entities($pxt->uri, '<>&"');
my $block = delete $a{__block__};
my $s = join(" ", map {lc($_) . qq(="$a{$_}")} keys %a);
return "<form $s>" . $block . "</form>";