On 22/07/2003 18:57, Lincoln Stein wrote:
> But this was fixed long ago in version 2.94. We're at version 2.98 now. The
> most up-to-date copy is always in CPAN.

Please find attached the patch against CGI.pm version 2.98.

--
Erwann Corvellec

--- CGI.pm.ori 2003-06-18 21:57:21.000000000 +0200 +++ CGI.pm 2003-07-23 09:53:18.000000000 +0200 @@ -1641,7 +1641,7 @@ unless (defined $action) { $action = $self->url(-absolute=>1,-path=>1); if (length($ENV{QUERY_STRING})>0) { - $action .= "?$ENV{QUERY_STRING}"; + $action .= '?' . $self->escapeHTML($ENV{QUERY_STRING},1); } } $action =~ s/\"/%22/g; # fix cross-site scripting bug reported by obscure
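
Review bot: On the added `$action .= '?' . $self->escapeHTML($ENV{QUERY_STRING},1);` line, only the appended query string is HTML-escaped. The part of `$action` built by `$self->url(-absolute=>1,-path=>1)` two lines above still passes through with nothing but the `s/\"/%22/g` substitution in the trailing context, and with `-path=>1` that part carries request-supplied path info as well. Consider escaping the whole of `$action` once, after the `if` block, so both pieces get the same treatment and the quote substitution is no longer the only guard for the URL portion. The second argument `1` to `escapeHTML` would also benefit from a short comment, since nothing in the hunk says what it selects.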
This archive was generated by hypermail 2b30 : Wed Jul 23 2003 - 09:16:26 PDT