authorFrank Ch. Eigler <fche@gcc.gnu.org>2012-03-29 19:56:16 +0000
committerFrank Ch. Eigler <fche@gcc.gnu.org>2012-03-29 19:56:16 +0000
commit0ab0fbb62ebb71dcb68b19d52dee1f417ead330b (patch)
tree33a173d2c30bdfbd4d518fa0ca3b161b4e753fdf /cgi-bin/ml-request
parentFix link to libstdc++ manual. (diff)
prevent xss on listname field
Diffstat (limited to 'cgi-bin/ml-request')
-rwxr-xr-xcgi-bin/ml-request9
1 files changed, 4 insertions, 5 deletions
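diff --git a/cgi-bin/ml-request b/cgi-bin/ml-request
index 45ccf36e..00e542bd 100755
--- a/cgi-bin/ml-request
+++ b/cgi-bin/ml-request
@@ -19,7 +19,6 @@ fi
 
 normalize()
 {
-
  resultstr="`echo $1 | sed 's/+/ /g'`" # first convert +s to spaces
  resultstr=`echo $resultstr | $GAWK -f $CONVAWK`
 
@@ -88,7 +87,7 @@ then
 fi
 
 
-if expr "$email" : '^[a-zA-Z0-9._-]*@[a-zA-Z0-9._-]*$' >/dev/null
+if expr "$email" : '^[a-zA-Z0-9._+-]*@[a-zA-Z0-9._-]*$' -a "$listname" : '^[a-zA-Z0-9._+-]*$'>/dev/null
 then
  hasgoodform=1
 else
@@ -202,7 +201,7 @@ else
 
  echo "<p>You can"
  echo "also subscribe by sending an e-mail note to"
- echo "<code>${listname}-${digest}${operation}@sourceware.org</code>"
+ echo "<code>LISTNAME-[digest-][un]subscribe@sourceware.org</code>"
  echo "<p>The message body and Subject line are ignored."
 
  echo "<p>See the"
@@ -224,8 +223,8 @@ else
  echo 'list name which is not handled on <tt>sourceware.org</tt>.'
 
  echo '<p>If you are trying to (un)subscribe to/from a mailing list hosted at <b>gnu.org</b>,'
- echo "send a mail note to <b>${listname}-request@gnu.org</b> with a message body"
- echo like, \"subscribe ${listname}\".
+ echo "send a mail note to <b>LISTNAME-request@gnu.org</b> with a message body"
+ echo like, \"subscribe LISTNAME\".
 
  echo "<p>See the"
  echo "<a href=\"http://sourceware.org/ml/index.html#faqs\">sourceware"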
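Review bot: The combined test on new line 90 passes `$email` and `$listname` to `expr` as bare operands, so a request value that is itself an expr token (such as `(` or `match`) is parsed as syntax rather than as a string. That most likely ends in a syntax error and the `else` branch, but the outcome then depends on the expr implementation rather than on the allowlist. The usual guard is a literal prefix on both sides, and requiring one character keeps an empty list name rejected: `expr "X$email" : 'X[a-zA-Z0-9._+-]*@[a-zA-Z0-9._-]*$' -a "X$listname" : 'X[a-zA-Z0-9._+-][a-zA-Z0-9._+-]*$' >/dev/null`. This check is now the only thing standing between `$listname` and any echo of it outside the two messages changed here, and those are not visible in the hunks. A comment above the `if` saying so, for example `# allowlist: listname/email are echoed into HTML below, keep this pattern strict`, would stop a later edit from loosening it. The `if` block continues past the end of the hunk.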