linux.debian.bugs.dist

Bug#404222: yet another update to twiki debian package

Subject: Bug#404222: yet another update to twiki debian package
From: "Marcus C. Gottwald"
Date: Thu, 28 Dec 2006 19:10:16 +0100
Newsgroups: linux.debian.bugs.dist
Amaya wrote (Fri 2006-Dec-22 17:04:41 +0100):

> Sven Dowideit wrote:
..
> > --- lib/TWiki.pm.orig   2006-10-25 02:16:05.000000000 +0200
> > +++ lib/TWiki.pm        2006-12-21 16:52:23.000000000 +0100
> > @@ -720,6 +720,19 @@
> > 
> >      ASSERT($this->isa( 'TWiki')) if DEBUG;
> > 
> > +    # prevent phishing byt only allowing redirect to configured host
> > +    if( $url =~ m!^([^:]*://[^/]*)(/.*)?$! ) {
> > +        my $host = $1;
> > +        unless ($host eq $TWiki::cfg{DefaultUrlHost}) {
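Review bot: the `eq` test in `unless ($host eq $TWiki::cfg{DefaultUrlHost})`
is an exact string match against a capture that can never end in a
slash, because `[^/]*` stops before the first `/` after the host. A
DefaultUrlHost written with a trailing slash, or in different letter
case, therefore rejects every redirect, including those to the site
itself. Suggest normalizing both sides before comparing (strip trailing
slashes, lowercase) and documenting the expected format next to the
setting. The visible lines only check URLs that match the pattern, so
confirm that values which do not match are handled explicitly. The
comment has a typo: "byt".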

Please note that this change does not match the syntax suggested
for the value of DefaultUrlHost in LocalSite.cfg: A trailing
slash is given in the default config but excluded from the first
pair of brackets in the above regular expression.

  quantum3:~# grep DefaultUrlHost /etc/twiki/LocalSite.cfg_DISTR
  $TWiki::cfg{DefaultUrlHost} = 'http://localhost/';

Lazy people who have simply never set DefaultUrlHost (because up
to now there was no need to) might go slightly crazy until they
have finally found out which value they need to change AND that
the trailing slash must be omitted...


Cheers, Marcus

-- 
Marcus C. Gottwald
Quantum Hydrometrie GmbH, Zossener Str. 55, 10961 Berlin, Germany
Tel: +49.(0)30.698110-0, Fax: +49.(0)30.698110-99
eMail: <gottwald@xxxxxxxxxxxxxxxxxxxxxx>
Web: http://www.quantum-hydrometrie.de
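
The mismatch described in this message, as an added example (not code from TWiki or the Debian package): it runs the patch's regular expression and `eq` comparison over constructed URLs under both spellings of DefaultUrlHost, next to a comparison that normalizes both sides first. The names `patch_compare`, `normalize_origin` and `normalized_allows` and the sample URLs are assumptions made for illustration.

```perl
use strict;
use warnings;

# The check as quoted in the patch: capture scheme://host, compare with eq.
sub patch_compare {
    my ($url, $default_host) = @_;
    my ($host) = $url =~ m!^([^:]*://[^/]*)(/.*)?$!;
    return unless defined $host;    # this case is not shown in the quoted hunk
    return $host eq $default_host ? 1 : 0;
}

# Hypothetical helper: reduce "scheme://host[:port]" with optional trailing
# slashes to a lowercased form without them; undef if the value has a path.
sub normalize_origin {
    my ($value) = @_;
    return unless defined $value && $value =~ m!^([^:/]+://[^/]+)/*$!;
    return lc $1;
}

# Hypothetical comparison that tolerates the trailing slash and letter case.
# It fails closed: anything that cannot be parsed is refused.
sub normalized_allows {
    my ($url, $default_host) = @_;
    my $want = normalize_origin($default_host);
    return 0 unless defined $want;
    my ($origin) = $url =~ m!^([^:]*://[^/]*)(/.*)?$!;
    return 0 unless defined $origin;
    my $got = normalize_origin($origin);
    return (defined $got && $got eq $want) ? 1 : 0;
}

# Constructed inputs: the value shipped in LocalSite.cfg_DISTR and the same
# value without the slash, against three sample redirect targets.
my @configs = ('http://localhost/', 'http://localhost');
my @urls    = (
    'http://localhost/twiki/bin/view/Main/WebHome',
    'http://LOCALHOST/twiki/bin/view/Main/WebHome',
    'http://other.example/login',
);

for my $cfg (@configs) {
    for my $url (@urls) {
        my $old = patch_compare($url, $cfg) // 'n/a';
        my $new = normalized_allows($url, $cfg);
        printf "cfg=%-18s url=%-46s patch=%s normalized=%s\n",
            $cfg, $url, $old, $new;
    }
}
```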
