Gentoo's Bugzilla – Attachment 129536 Details for Bug 187971: Gentoo Website Command Injection Issue
[patch] fix for sql injection and the crash problem in query_package.py
query_package.py.diff (text/plain), 606 bytes, created by Christian Hoffmann (RETIRED) on 2007-08-29 14:53:43 UTC
>--- gentoo/src/packages/query_package.py 2005-10-04 03:51:29.000000000 +0200 >+++ packages-fixes/query_package.py 2007-08-29 16:16:55.000000000 +0200 >@@ -33,9 +33,12 @@ > > > form = cgi.FieldStorage() >-name = form.getvalue("name","") >-category = form.getvalue("category","") >-offset = form.getvalue("offset","0") >+name = form.getfirst("name","") >+category = form.getfirst("category","") >+try: >+ offset = int(form.getfirst("offset","0")) >+except ValueError: >+ offset = 0 > > query = ('SELECT category,name,homepage,description,license ' > 'FROM package WHERE category="%s"' % escape_string(category))
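Review bot: In the new `try` block, `int(form.getfirst("offset","0"))` accepts negative numbers, so `offset` can still leave this hunk as a value such as -1; clamping it, for example `offset = max(0, int(form.getfirst("offset","0")))`, would restrict it to a non-negative integer. How `offset` is used afterwards is not visible in this hunk. The unchanged context line still builds the SELECT by `%` interpolation of `escape_string(category)` into a double-quoted literal, so the injection defence for `category` (and for `name`, whose use is not shown here) rests entirely on `escape_string`; passing the values as bound parameters to the database driver's execute call would remove that dependency.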
Attachments on bug 187971: 129536 | 129537 | 136220